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CONSUMER PRIVACY AND PROTECTION 
IN THE MOBILE MARKETPLACE 


THURSDAY, MAY 19, 2011 

U.S. Senate, 

Subcommittee on Consumer Protection, Product 

Safety, and Insurance, 

Committee on Commerce, Science, and Transportation, 

Washington, DC. 

The Subcommittee met, pursuant to notice, at 10 a.m., in room 
SR-253, Russell Senate Office Building, Hon. Mark Pryor, Chair- 
man of the Subcommittee, presiding. 

OPENING STATEMENT OF HON. MARK PRYOR, 

U.S. SENATOR FROM ARKANSAS 

Senator Pryor. I will go ahead and call our subcommittee to 
order here. I want to thank everyone for being here. We have a 
standing room only crowd. 

I want to welcome Senator Toomey, who is just sitting down 
here, as the new Ranking Member. Welcome aboard. We are ex- 
cited about you and your leadership here. And you and I need to 
talk offline at some point about this great subcommittee, but thank 
you for being here. 

And Senator Kerry, thank you for being here. 

We have others that are on the way, but I would like to go ahead 
and start. I know that Senator Kerry only has a limited time here, 
and my understanding is Senator Rockefeller is trying to make it, 
and he has limited time. So let us get under way. 

I would like to welcome everyone, thank everyone for being here, 
thank all of our witnesses who are participating today. Certainly, 
this is a very important hearing on privacy in the mobile market- 
place. As Chairman of the Consumer Protection Subcommittee, I 
appreciate all of your willingness to participate in this very impor- 
tant dialogue. 

As technology evolves, consumers continue to lose control of their 
personal information. Without question, cell phones have become a 
part of that trend, as they have become more and more versatile. 
Today, more than 234 million Americans use mobile devices, and 
73 million Americans have smartphones or are expected to own 
smartphones by the end of 2011. 

There are hundreds of thousands of software applications, also 
known as apps, on the market today. Apps allow us to play games, 
share information with friends, read the news, find the cheapest 
gas in town. In fact, I am aware of one app that allows people to 
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find the nearest kosher restaurant and nearest synagogue. So there 
seems to be an app for everything. 

And while their innovation and creativity has defined the mobile 
app space, we understand that most of the app producers do not 
have a privacy policy. And the vast majority of consumers who use 
these apps really don’t have any idea about the ways their personal 
information — including their age, location, gender, income, and eth- 
nicity — that is contained in their phones can be shared either with 
the company or with third parties. 

In other words, while smartphone users may voluntarily submit 
some information to software applications, it is not clear that 
Americans who own smartphones understand how their informa- 
tion may be used or transferred as a result of the download. 

In fact, last night I talked to my two teenage children. Both of 
them have apps that share information. Neither of them had any 
idea that that information was being shared, and I think that is 
the way most Americans are. 

Consequently, it is not surprising that we are facing a new and 
emerging mobile world that lacks basic parameters and best prac- 
tices. Where are the opt-out options or where are the privacy poli- 
cies? And that is some of the things we will talk about today. 

The mapping of consumers’ movements without consent is unac- 
ceptable, and an application game that transfers a consumer’s loca- 
tion data to ad networks without informing the user is greatly 
troubling. While location technology can assist law enforcement, 
and there certainly are good things about it — it can be helpful in 
emergency situations — geolocation tracking also poses serious safe- 
ty concerns. 

Therapists who work with domestic abuse victims have noted the 
increase in clients stalked via cell phones. Indeed, a Wall Street 
Journal article cited tragic instances where stalkers exploited the 
GPS system and the location data collected by consumers’ 
smartphones to track their victims. The results have been deadly 
in some cases. 

Demonstrating the highly intrusive nature of some of this tech- 
nology, one website sells something they call “Mobile Spy” software 
and actually markets this product as a completely stealth moni- 
toring program. The website says once installed on a phone, Mobile 
Spy remains hidden, but logs calls and text to a Mobile Spy server. 
Then the snoop can log in and see a complete record of incoming 
and outgoing calls, the time and duration of the calls, and read text 
messages, both sent and received. 

So I would like to hear from our witnesses today about the risk 
to consumers, that consumers see when their information is col- 
lected and reported; the consumers’ understanding of what infor- 
mation is being collected or transferred through mobile apps; the 
extent of geolocation information collection and related privacy con- 
cerns, particularly with an emphasis on children there; how compa- 
nies are working to allay these concerns; and suggestions for en- 
forcement of basic privacy rights and security policies and stand- 
ards in the new app economy and online mobile world. 

So, with that, what I would like to do is turn it over to the Rank- 
ing Member and allow you to say a few words. Then we will call 
on Senator Kerry. 
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STATEMENT OF HON. PATRICK J. TOOMEY, 

U.S. SENATOR FROM PENNSYLVANIA 

Senator Toomey. Senator Pryor, Mr. Chairman, thank you very 
much. 

First of all, thanks for welcoming me as the new Ranking Mem- 
ber on the Subcommittee. This is a new and exciting opportunity 
for me. I am looking forward to serving with you. 

And I also want to thank you for scheduling this important hear- 
ing. This is a very important topic, and I commend you for doing 
that. 

Unfortunately, I became Ranking Member just in the last couple 
of days and, prior to that, had a previously scheduled conflict. So 
I won’t be able to stay, but I did want to make an opening state- 
ment, if I could, quickly and again commend you for doing this. 

Like most Americans, I am protective of my personal informa- 
tion, and I believe I should have control over who accesses that in- 
formation, how it is accessed, and ultimately, how it is used, in- 
cluding by commercial entities. 

As the father of young children, I am also very concerned about 
protecting their identity and safety, especially when they use mo- 
bile devices and other online applications. More children are ac- 
cessing online services through home computers and mobile devices 
than ever before, and ensuring that parents are well informed on 
how best to protect their children is a goal that I am sure we all 
share. 

Recent revelations that Apple iPhones have been tracking and 
storing user locations without consent and Facebook apps may 
have leaked profile information to advertisers are certainly causes 
for concern. These and other incidents have led many in Congress 
to question whether the Federal Government may have a legiti- 
mate interest in increasing its role in regulating this space. 

I do, however, want to commend Apple and Facebook for taking 
swift action in both cases to correct the problem. As a general mat- 
ter, I prefer to see the industry self-regulate, and I am eager to 
learn from our witnesses on the measures that have been put in 
place to safeguard against possible future consumer harms. 

I think everyone here knows very well the mobile marketplace is 
growing and changing rapidly. We now have access to mobile de- 
vices, speeds, and applications that were completely unimaginable 
just a few short years ago. Apps for smartphones have quickly 
turned into a multibillion-dollar business, and consumer demand is 
clearly very strong. 

And in our important efforts to protect consumer privacy, I just 
hope that we won’t lose sight of the many consumer benefits that 
have come from the innovative technologies that are brought to 
market by the companies that we will be hearing from today. 

As the Chairman indicated in his comments, location-based serv- 
ices provide conveniences that consumers wouldn’t have if a par- 
ticular app didn’t have access to some level of personal information. 
So before Congress takes action, I think it is important to find the 
right balance that protects consumers’ personal information while, 
at the same time, allows continuing constructive innovation to 
occur. 
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At this point, I am not quite sure exactly where that line is to 
be drawn, and I would caution against passing legislation that 
would have unintended consequences. I am hopeful that the hear- 
ing today will shed some light on this important question. 

And again, Mr. Chairman, I thank you for scheduling the hear- 
ing. 

Senator Pryor. Thank you very much. 

And we also want to thank our newest member to the Sub- 
committee and to the Committee and to the Senate. Senator Heller, 
thank you for being here. Proud to have you. 

Now, I was going to call on Senator Kerry. And the Chairman 
says I should call on Senator Kerry. So go ahead. 

STATEMENT OF HON. JOHN F. KERRY, 

U.S. SENATOR FROM MASSACHUSETTS 

Senator Kerry. Well, thank you. Thank you. Thank you, both 
chairmen. 

And welcome to our new members on the Committee. 

Mr. Chairman, thanks for holding this hearing today. It is obvi- 
ously one that attracts a lot of interest. It is a lot of money on the 
line, a lot of business, a lot of business practices, but also a lot of 
values, personal interests of Americans. 

And while today’s hearing is, obviously, principally about mobile 
phones and the apps that come with them, which are quite extraor- 
dinary and which we all use and benefit from in a lot of ways, it 
is also important, I think, to put the mobile phone and apps in the 
context of the larger discussion about privacy itself. 

I don’t think there is anybody on the Committee or in the coun- 
try or in the world who doesn’t marvel at the power and the ex- 
traordinary potential that we are currently living and that we will 
live in the future with respect to the Internet. It is constantly inno- 
vating and moving, and I am personally — and I know the Chair- 
man, Senator Rockefeller, likewise and a bunch of us on the Com- 
mittee have worked hard and long with respect to the National 
Broadband Plan, as well as the issue of releasing more spectrum 
for broadband because we want to see this potential of the Internet 
unleashed all across the country as broadly as possible. 

In fact, we have, unfortunately, in the United States of America 
parenthetically, been going in the wrong direction. We used to be 
number four in the world in terms of our broadband reach. We are 
now about number 16 or 20, depending on who you listen to. That 
is an appalling comment, and one we ought to really take note of 
as we think about this. 

I also support investments in research and development and a 
bunch of other things that will contribute to the startup of different 
businesses and firms that are going to unleash our economic poten- 
tial. 

We all in this committee understand the automatic instinct in- 
side a lot of the companies that are interested in this, which says, 
“Hey, Washington, just leave us alone. We will do fine. We will 
make this work, and the Internet will grow.” 

And over the years, I think most of us in this committee have 
been guided by the belief that in a technology market that is mov- 
ing so rapidly, that is the right approach in most cases. I have cer- 



5 


tainly stood by net neutrality. I have stood by no taxation. I have 
advocated for as open an architecture as possible in order to un- 
leash the full measure of creative energy and entrepreneurial activ- 
ity that has really brought this wonder to all of us and continues 
to innovate. 

And I am convinced that we made the right decision in the 1990s 
here to protect, to do things that did not allow privacy or other 
issues to somehow eclipse that move for innovation, and I think it 
might have slowed back then technological advances. But we are 
in a different place today. We just are in a different place today. 

And we need companies like Google and Apple and Facebook to 
join companies like Intel, eBay, Microsoft, HP, which have already 
come down on the side of common sense, very restrained, simple 
privacy protections. We need industry leaders to engage construc- 
tively in these legislative efforts to modernize our privacy laws, to 
come up to the year that we are and the state of art that we are 
with respect to the marketplace because we want the legislation to 
work for both the consumer and the entrepreneur. 

Now I have reached out to the companies that are here today 
over the last 6 or 7 months. And I appreciate the time they have 
taken to work with us so far. 

Mr. Chairman, I reject the notion — and one of our colleagues just 
sort of raised the — you know, we don’t — here is what we want to 
do, but here is what we don’t want to do. I reject the notion that 
privacy protection is the enemy of innovation. It absolutely doesn’t 
have to be and isn’t. 

In fact, a more trusted information economy, I believe, will en- 
courage greater consumer participation, greater confidence in that 
marketplace, and, in turn, more and better services in a safer com- 
mercial environment that is more respectful of other people. So, in 
the end, though not in a heavy-handed, overly prescriptive ap- 
proach, I believe that companies collecting people’s information, 
whether you are a tech titan or not, ought to comply with just a 
basic code of conduct. 

We need to establish what we as a society, in a country that has 
always valued privacy, what we as a society believes is the sort of 
basic proper treatment of people’s information. I know you can shut 
off your location services. But that doesn’t do the trick because a 
lot of those services are services we want, and we want to use 
them. 

But we also want to know that what is happening to the infor- 
mation as the consequence of using them is properly protected, that 
we are properly protected as individuals. I don’t think you can con- 
tinue to create or leave it to firms to decide on an ad hoc basis 
what that level of protection ought to be. 

And I think that is particularly true in an age when the mini- 
supercomputers that are in our pockets are with us almost at all 
times, and they are almost always on. And particularly among 
young people, there will be disposition to use most of those apps 
almost all the time. But it is also true on our computers at home 
and offline when we buy groceries or when we travel or when we 
purchase or whatever. 

So, as we sit here today, Mr. Chairman, there is no privacy law 
for general commerce whatsoever. Data collectors alone are setting 
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the rules. In S. 799, the Commercial Privacy Bill of Rights that 
Senator McCain and Senator Klobuchar and I have proposed, we 
propose rules based on fair information practice principles for all 
collectors of information, including mobile phone and mobile app 
companies that we will be talking about here today. 

And Senator Rockefeller’s do-not-track, I think, you know, that 
is a very important issue, and it is one we ought to be deeply en- 
gaged in and, you know, the votes will decide it. But whichever 
way we go on that, we still need a privacy standard. We still need 
the basic rules of the road by which everybody agrees we are going 
to protect commerce, we are going to protect the creative entrepre- 
neurial ability of the Internet, but we are also going to protect indi- 
viduals or at least give them the knowledge by which they make 
a decision as to how their information is going to be treated. 

I think that those principles include the idea that, regardless of 
the technology or method used to track Americans, they should 
know when they are being tracked, why and how long that infor- 
mation is going to be used for, and in what way. And they ought 
to know with whom that information is going to be shared and be 
able to reject or accept those practices, and they need legal protec- 
tions if that respect is not granted to them or the terms of that ar- 
rangement are violated. 

So I hope, Mr. Chairman, we are going to have a chance at the 
right moment to tackle this issue within this committee. I think it 
is a really vital one to Americans growing in its importance. 

And I look forward to hearing from the witnesses for the time 
that I can be here. I apologize I can’t be here for the whole time. 
And I thank you, Mr. Chairman, for your affording us the time to 
make these statements. 

Senator Pryor. Thank you. 

Senator Rockefeller? 

STATEMENT OF HON. JOHN D. ROCKEFELLER IV, 

U.S. SENATOR FROM WEST VIRGINIA 

Senator Rockefeller. Thank you, Mr. Chairman. 

I associate myself with every word and comma, perhaps even a 
semicolon that you have said, Senator Kerry. 

I think it is just wrong for people to be wondering about people — 
you know, we can get into the age business, and I will in a minute. 
But not knowing what is happening to them, not knowing that they 
are, in fact, being tracked. 

What you said about smartphones are, in fact, supercomputers, 
little supercomputers. They tell you where you are — tell other peo- 
ple because you make this — and some of you make this information 
available to other third parties who use it and sell it and make 
money from it, which is a violation of individual liberties, in my 
judgment. 

Look, we got 234 million mobile devices in use today. Seventy- 
five percent of teenagers own a cell phone and talk on them and 
carry them all the time. Seventy-two percent — and this is inter- 
esting to me — the wording, even — 72 percent of parents say that 
they have slept with their cell phones. 

It is a neutral statement, but it is also 

[Laughter.] 
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Senator Kerry. In today’s world, that is risky. 

Senator Rockefeller. Yes. It shows the intensity of this whole 
thing. You can’t — it has got to be under your pillow. I mean, you 
just can’t be without it. 

So I think the online privacy issue is not something of an unin- 
tended consequence. I think it is a basic American right and a 
basic American responsibility of the FTC, which I do not think has 
been very aggressive on this, and of the users, the big companies 
and all the apps folks. And not just the big ones, but the little ones 
that just may have three or four people, but there are hundreds of 
thousands of them that are pumping out apps that are totally un- 
regulated. 

And so, the question is what do we do about that? Or what do 
you do about that? Or do you want us to do something about that? 
They have to be regulated because they are producing the same 
things that get people tracked. 

I think using a mobile device has an expectation of privacy. And 
in that, the American people are misled. But I think that is part 
of the compact that you make when you go into that business. 

The companies before us today — Apple, Google, Facebook — I ap- 
preciate their being here. They are major players in all of this. And 
this won’t be your last visit, I hope. I hope. In fact, I can assure 
you, it won’t be your last visit. 

As the online world grows and evolves, the consumer privacy 
issues grow and evolve with it. The question is, is anybody watch- 
ing? Is anybody really paying attention? Are we just saying, “Oh, 
it is not my responsibility.” 

If it becomes entirely the responsibility of the Federal Govern- 
ment, people won’t like that. So how do you work with consumers 
so that they can understand the information that is being collected 
about them? They have that right. 

It comes along with the purchase price. That is what they are 
buying, the right to privacy. They are not getting that, however, 
and I think that is what we are talking about today. 

Smartphones applications allow consumers to access information 
from all over the world, take and share pictures with friends and 
family, buy coffee, even videoconferences on the go. Mobile devices 
are transforming the way consumers access the Internet, record the 
world around them, and share their lives with others. But with this 
new innovation comes a gigantic risk. 

As smartphones become more powerful, more personal informa- 
tion is being concentrated in one place. These devices are not really 
phones, as Senator Kerry said. They are miniature computers. 

Simple actions now do have unintended consequences. Unin- 
tended or intended, I am not sure. But anyway, a lot of people are 
making a lot of money off the information they collect, without the 
knowledge of those folks from that. 

A mother posting a smartphone picture of her child online may 
not realize that time and date and location information is also em- 
bedded in the picture and available to anyone who can get it, which 
is pretty much anybody. A teenager accessing an application may 
not realize that her address book is being assessed and shared with 
a third party. 
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That is not meant to happen in this country without the permis- 
sion of an adult. Four year olds aren’t very good at that. Nine year 
olds aren’t very good at that. They don’t know how to do that. So 
maybe we have to do that for them. 

And these third parties use this information to target advertising 
on individuals. It is very cynical. It is very smart. It is very good 
business, but it is very cynical. It is an abuse of that power, pass- 
ing on people’s profiles. 

So everything is new, as John Kerry said. But one thing is clear. 
Consumers want to understand and have control of their personal 
information. They have that right. That expectation is not being 
met. It is not being met. 

So I look forward to what our witnesses have to say. Last week, 
I introduced the Do-Not-Track online bill of 2011. I think that is 
a terrific bill. It makes it very simple. It just directs the Federal 
Trade Commission to establish standards by which consumers can 
tell online companies, including mobile applications, that they do 
not want their information collected it takes to collect. 

Very simple, and it applies to everybody, works on everybody. 
Then the FTC, of course, would have to make sure that companies 
respect that choice. 

Mr. Chairman, I thank you. 

Senator Pryor. Thank you, Mr. Chairman. 

And with the Committee’s permission, what I would like to do is 
go ahead and go to the first panel. 

And our first panelist today is David Vladeck. He is Director of 
the Consumer Protection Bureau of the FTC. We welcome you. We 
thank you. Glad you are here. 

Your statement will be made part of the record, your written 
statement, as well as everybody else’s opening statements, if they 
would like to submit those, and the next panel’s statements as 
well. So I would ask you to keep your opening remarks to 5 min- 
utes, if possible. 

Thank you. 

STATEMENT OF DAVID C. VLADECK, DIRECTOR, BUREAU OF 
CONSUMER PROTECTION, FEDERAL TRADE COMMISSION 

Mr. Vladeck. Chairman Pryor, Chairman Rockefeller, members 
of the Committee, I am David Vladeck, the Director of the Federal 
Trade Commission’s Bureau of Consumer Protection. 

I appreciate the opportunity to present the Commission’s testi- 
mony on consumer protection issues in the mobile marketplace. 
The views expressed in the written statement that we submitted 
represent the Commission’s views. My oral remarks and any re- 
sponse to questions represent my own views. 

Today’s hearing could not be more timely or more important. We 
are seeing explosive growth in the mobile marketplace. Device tech- 
nology is constantly improving, robust wireless Internet connec- 
tions are nearly ubiquitous, businesses are innovating, and con- 
sumers are purchasing and using smartphones at extraordinary 
rates. 

And there is no wonder why. Today’s smartphones are incredibly 
powerful, multitasking devices that marry the search capacity of a 
desktop computer with the personal, always-on, and always-with- 
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you nature of mobile phones. There is no question that these de- 
vices benefit consumers, but there is also no question that these de- 
vices raise serious privacy concerns. 

These concerns stem from exactly the always-on and always- 
with-you nature of these devices — the invisible collection and shar- 
ing of data with multiple parties; the ability to track consumers, 
including children and teens, to their precise location; and the dif- 
ficulty of providing meaningful disclosures and choices about data 
collection on a smartphone’s small screen. 

For 40 years, the Federal Trade Commission has worked to pro- 
tect consumer privacy, and we are working hard to protect con- 
sumer privacy in the mobile marketplace. To keep pace with 
changes in the mobile market, the Commission has hired tech- 
nologists, created a mobile forensic lab, conducted series of in-house 
trainings, and assembled a team focused on mobile technology. 
Every consumer protection investigation now examines the target’s 
use of mobile technology. 

Currently, we have a number of nonpublic investigations under- 
way relating to unfair and deceptive practices in the mobile mar- 
ketplace. The Federal Trade Commission’s primary law enforce- 
ment tool, the FTC Act, prohibits unfair or deceptive practices, and 
it applies in all media, including mobile. 

Last August, the Commission charged a public relations company 
with deceptively endorsing mobile gaming apps in the iTunes store. 
The Commission’s recent cases against two of the largest players 
in the mobile ecosystem, Google and Twitter, further demonstrate 
the application of the FTC’s privacy framework to the mobile mar- 
ketplace. 

As you know, the Commission is currently reviewing whether its 
privacy framework has kept pace with technological change. Last 
December, the Commission released a preliminary staff report that 
proposed a new privacy framework that rests on three rec- 
ommendations to ease the burden on consumers to protect their 
own information. 

First, privacy by design, baking privacy in at the outset. Second, 
simpler and streamlined privacy choices. And third, transparency, 
so consumers know what data is being pulled down and who is get- 
ting it and who is using it. 

These principles are especially relevant in the mobile market- 
place, given all of the concerns related to the invisible collection 
and sharing of personal information, like the precise geolocation 
data of children and teens, combined with the difficulty of pro- 
viding meaningful disclosures in a small-screen environment. 

The preliminary report also included a recommendation to imple- 
ment a universal choice mechanism for behavioral tracking, includ- 
ing behavioral advertising, often referred to as Do-Not-Track. A 
majority of the Commission has expressed support for such a mech- 
anism. Although the Commission has not taken a position on 
whether to recommend legislation in this area, the Commission 
strongly supports the goals of Chairman Rockefeller’s Do-Not-Track 
legislation and supports the approach laid out in that bill, includ- 
ing the scope of the Do-Not-Track standard, the technical feasi- 
bility and cost, and how the collection of anonymous data would be 
treated under the statute. 
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I also want to commend Senator Kerry and Senator Klobuchar 
for their work on the Commercial Privacy Bill of Rights, and the 
members of this committee, including its chair, for their leadership 
on protecting consumer privacy. 

At a time when some children learn how to play games on a 
smartphone before they learn to tie their shoes, the Commission is 
also reviewing the Children’s Online Privacy Protection Act rule to 
see whether technological changes in the online environment war- 
rant any changes in the rule and statute. 

While the review is still ongoing, remarks at last year’s COPPA 
roundtable, along with public comments we have received, dem- 
onstrate widespread consensus that both the COPPA statute and 
rule were written broadly enough to encompass most forms of mo- 
bile communications without the need for statutory change. 

In closing, the Commission is committed to protecting consumers 
in the mobile sphere through law enforcement and by working with 
industry and consumer groups to develop workable solutions that 
protect consumers while allowing for innovation. 

I am, of course, happy to answer any questions. 

[The prepared statement of Mr. Vladeck follows:] 

Prepared Statement of the Federal Trade Commission 

Chairman Rockefeller, Ranking Member Hutchison, and members of the Com- 
mittee, I am David C. Vladeck, Director of the Bureau of Consumer Protection of 
the Federal Trade Commission (“FTC” or “Commission”). I appreciate the oppor- 
tunity to present the Commission’s testimony on consumer protection issues in the 
mobile marketplace. 1 

This testimony first highlights the expansive growth of the mobile arena and what 
it means for U.S. consumers. Second, it summarizes the Commission’s response to 
new mobile technologies, the Commission’s expansion of its technical expertise, re- 
cent law enforcement actions in the mobile arena (adding to the Commission’s ex- 
tensive law enforcement experience in areas relating to the Internet and privacy), 2 
and its examination of consumer privacy issues raised by mobile technologies. Third, 
it discusses the application of a Do Not Track mechanism in the mobile environ- 
ment. 3 And finally, the testimony discusses the special issues that mobile tech- 
nologies raise for the privacy of children and teens, and provides an update of the 
Commission’s review of the Children’s Online Privacy Protection Rule. 

I. The Mobile Marketplace 

Mobile technology is exploding with a range of new products and services, and 
consumers across the country are rapidly responding to the industry’s creation of 
smarter devices. According to the wireless telecommunications trade association, 
CTIA, the wireless penetration rate reached 96 percent in the United States by the 
end of last year. 4 Also by that same time, 27 percent of U.S. mobile subscribers 
owned a smartphone, 5 which is a wireless phone with more powerful computing 
abilities and connectivity than a simple cell phone. Such mobile devices are essen- 


1 This written statement represents the views of the Federal Trade Commission. My oral pres- 
entation and responses are my own and do not necessarily reflect the views of the Commission 
or of any Commissioner. 

2 In the last fifteen years, the FTC has brought more than 30 data security cases; 64 cases 
against companies for improperly calling consumers on the Do Not Call registry; 86 cases 
against companies for violating the Fair Credit Reporting Act (“FCRA”); 96 spam cases; 15 
spyware cases; and 16 cases against companies for violating the Children’s Online Privacy Pro- 
tection Act. 

3 Commissioner William E. Kovacic dissents from this testimony to the extent that it endorses 
a Do Not Track mechanism. He believes that the endorsement of a Do Not Track mechanism 
is premature. 

4 CTIA, Wireless Quick Facts, available at www.ctia.org / advocacy / research / index.cfm / aid / 
10323. 

5 ComScore, The 2010 Mobile Year in Review Report (Feb. 14. 2011), at 5, available at 

www.comscore.com / Press Events / Presentations Whitepapers / 2011 / 

2010 Mobile Year in Review. 
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tially handheld computers that offer Web browsing, e-mail, and a broad range of 
data services. These new mobile devices allow consumers to handle a multitude of 
tasks in the palms of their hands and offer Internet access virtually anywhere. 

Companies are increasingly using this new mobile medium to provide enhanced 
benefits to consumers, whether to provide online services or content, or to market 
other goods or services. 6 For example, consumers can search websites to get detailed 
information about products, or compare prices on products they are about to pur- 
chase while standing in the check-out line. They can join texting programs that pro- 
vide instantaneous product information and mobile coupons at the point of purchase 
or download mobile software applications (“apps”) that can perform a range of con- 
sumer services such as locating the nearest retail stores, managing shopping lists, 
tracking family budgets, transferring money between accounts, or calculating tips 
or debts. 7 Apps also allow consumers to read news articles, play interactive games, 
and connect with family and friends via social networks. Any of these services can 
contain advertising, including targeted advertising. 

II. FTC’s Response to Consumer Protection Issues Involving Mobile 

Technology 

New technology can bring tremendous benefits to consumers, but it also can 
present new concerns and provide a platform for old frauds to resurface. Mobile 
technology is no different, and the Commission is making a concerted effort to en- 
sure that it has the necessary technical expertise, understanding of the market- 
place, and tools needed to monitor, investigate, and prosecute deceptive and unfair 
practices in the mobile arena. 

A. Developing an Understanding of Mobile Issues Through Workshops and 

Town Halls 

For more than a decade, the Commission has explored mobile and wireless issues, 
starting in 2000 when the agency hosted a two-day workshop studying emerging 
wireless Internet and data technologies and the privacy, security, and consumer pro- 
tection issues they raise. 8 In 2006, the Commission held a three-day technology 
forum that prominently featured mobile issues. 9 Shortly thereafter, the Commission 
hosted two Town Hall meetings to explore the use of radio frequency identification 
(RFID) technology, and its integration into mobile devices as a contactless payment 
system. 10 And in 2008, the Commission held a two-day forum examining consumer 
protection issues in the mobile sphere, including issues relating to ringtones, games, 
chat services, mobile coupons, and location-based services. 11 Most recently, as dis- 
cussed below, the Commission examined the privacy issues raised by mobile tech- 
nologies as part of a series of roundtables on consumer privacy in late 2009 and 
early 2010. 

B. Developing a Mobile Lab and Creating a Mobile Team 

The FTC has hired technologists (including its first Chief Technologist) and in- 
vested in new technologies to enable its investigators and attorneys to respond to 
the growth of mobile commerce and to conduct mobile-related investigations. 12 For 


6 Indeed, a recent industry survey found that 62 percent of marketers used some form of mo- 
bile marketing for their brands in 2010 and an additional 26 percent reported their intention 
to begin doing so in 2011. See Association of National Advertisers, Press Release, Vast Majority 
of Marketers Will Utilize Mobile Marketing and Increase Spending on Mobile Platforms in 2011, 
(Jan. 31, 2011) (describing the results of a survey conducted by the Association of National Ad- 
vertisers and the Mobile Marketing Association), available at www.ana.net / content / show / id / 
20953. 

7 Although Apple’s App Store and Google’s Android Market are less than 3 years old, they col- 
lectively contain more than 600,000 apps. In January 2011, Apple reported that ten billion apps 
had been downloaded from the App Store. In May 2011, Google announced that 4.5 billion apps 
had been downloaded from the Android Market. See www.apple.com/itunes/ 10-billion-app- 
countdown / ; googleblog.blogspot.com / 201 1 / 05 / android-momentum-mobile-and-more-at.html. 

8 FTC Workshop, The Mobile Wireless Web, Data Services and Beyond: Emerging Technologies 
and Consumer Issues, available at www.ftc.gov/bcp/workshopslwireless/index.shtml. 

9 FTC Workshop, Protecting Consumers in the Next Tech-ade, available at www.ftc.gov/bcp/ 
workshops / techade. The Staff Report is available at www.ftc.gov/os/2003/03IP064101tech.pdf. 

10 FTC Workshop, Pay on the Go: Consumers and Contactless Payment, available at 
www.ftc.gov/bcp/workshops/payonthego/index.shtml; FTC Workshop, Transatlantic RFID 
Workshop on Consumer Privacy and Data Security, available at www.ftc.gov/bcp/workshopsl 
transatlantic / index, shtml. 

11 FTC Workshop, Beyond Voice: Mapping the Mobile Marketplace, available at www.ftc.gov/ 
bcp / workshops I mobilemarket / index. shtml. 

1 2 See, e.g., Press Release, FTC Adds Edward W. Felten as its Chief Technologist (Nov. 4, 
2010), available at www.ftc.gov/opa/2010/ll/cted.shtm. 
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many years, FTC Bureau of Consumer Protection staff have investigated online 
fraud using the agency’s Internet Lab, a facility that contains computers with IP 
addresses not assigned to the government, as well as evidence-capturing software. 
The agency has expanded the Internet lab to include mobile devices spanning var- 
ious platforms and carriers, along with the software and other equipment needed 
to collect and preserve evidence. 

Additionally, the FTC’s Bureau of Consumer Protection assembled a team focus- 
ing on mobile technology. This group is conducting research, monitoring the various 
platforms, app stores, and applications, and training other FTC staff on mobile 
issues. In addition, in all of the FTC’s consumer protection investigations, staff is 
examining whether the targets of investigations are using mobile technology in their 
operations. 

C. Applying the FTC Act to the Mobile Arena 

Although the FTC does not enforce any special laws applicable to mobile mar- 
keting, the FTC’s core consumer protection law — Section 5 of the FTC Act — pro- 
hibits unfair or deceptive practices in the mobile arena. 13 This law applies to com- 
merce in all media, whether traditional print, telephone, television, desktop com- 
puter, or mobile device. The Commission has several recent law enforcement and 
policy initiatives in the mobile arena, which build on the Commission’s extensive 
law enforcement experience in the Internet and privacy areas. 

1. Endorsement Law and Advertising Substantiation 

The FTC brought a case last August applying FTC advertising law principles to 
the mobile apps marketplace. The Commission charged Reverb Communications, 
Inc., a public relations agency hired to promote video games, with deceptively en- 
dorsing mobile gaming applications in the iTunes store. 14 The company allegedly 
posted positive reviews of gaming apps using account names that gave the impres- 
sion the reviews had been submitted by disinterested consumers when they were, 
in actuality, posted by Reverb employees. In addition, the Commission charged that 
Reverb failed to disclose that it often received a percentage of the sales of each 
game. The Commission charged that the disguised reviews were deceptive under 
Section 5, because knowing the connections between the reviewers and the game de- 
velopers would have been material to consumers reviewing the iTunes posts in de- 
ciding whether or not to purchase the games. In settling the allegations, the com- 
pany agreed to an order prohibiting it from publishing reviews of any products or 
services unless it discloses a material connection, when one exists, between the com- 
pany and the product. 

The Reverb settlement demonstrates that the FTC’s well-settled truth-in-adver- 
tising principles apply to new forms of mobile marketing. The mobile marketplace 
may offer advertisers new opportunities, but as in the offline world, companies must 
be able to substantiate claims made about their products. Developers may not make 
misrepresentations or unsubstantiated claims about their mobile apps, whether 
those claims are in banner ads, on a mobile website, in an app, or in app store de- 
scriptions. FTC staff is working to identify other violations of these well-established 
principles in the mobile context. 

2. Unauthorized Charges and Other Deceptive Conduct 

FTC staff has active investigations into other unfair or deceptive conduct in the 
mobile arena. For example, staff is examining both the cramming of charges on con- 
sumers wireless phone hills and alleged inadequate disclosures of charges for in-app 
purchases. 

Cramming is the practice of placing unauthorized charges on consumers’ tele- 
phone bills. The FTC has aggressively prosecuted cramming violations in connection 
with landline telephone bills for many years. 15 Mobile telephone accounts can also 
be used as a billing mechanism. On May 11, the FTC hosted a workshop on Phone 
Bill Cramming. The workshop examined how the mobile and landline hilling plat- 
forms work, best practices for industry, and the development of cramming preven- 
tion mechanisms. 16 


13 15 U.S.C. § 45(a). 

14 Reverb Commc’ns, Inc., FTC Docket No. C— 4.3 1 0 (Nov. 22, 2010) (consent order), available 
at www.ftc.gov / opa / 2010 / 08 / reverb. shtm . 

15 See, e.g., FTC v. INC21.com, No. C 10—00022 WHA (N.D. Cal.) { summary judgment entered 
Sept. 21, 2010), available at www.ftc.gov/opa /2010/09/inc21.shtm; FTC v. Nationwide Connec- 
tions, Inc., No. Cv 06-80180 (S.D. Fla.) (final stipulated orders entered Apr. 11, 2008), available 
at www.ftc.gov/opa / 2008 / 04 / cram. shtm. 

16 See FTC Workshop, Phone Bill Cramming, available at www.ftc.gov/bcp/workshops/cram- 
rningl . 
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Concerns about charges for in-app purchases in games and other apps that ini- 
tially appear to be free is another issue of concern. Several Members of Congress 
and others have raised concerns about purportedly free mobile apps directed to chil- 
dren that subsequently result in charges for products and services found within the 
applications, without adequate disclosures. 17 FTC staff is examining industry prac- 
tices related to this issue. 

3. Unsolicited Commercial Text Messages 

Through enforcement of the CAN-SPAM Act, 18 the Commission has long sought 
to protect consumers from unsolicited commercial e-mail. Indeed, CAN-SPAM ap- 
plies to e-mail regardless of what type of computer or device is used to view and 
send the commercial e-mail messages. Unsolicited text messages present problems 
similar to those addressed by CAN-SPAM, but unsolicited text messages present 
additional problems for mobile phone users. 

In February, the Commission filed its first law enforcement action against a send- 
er of unsolicited text messages and obtained a temporary restraining order sus- 
pending the defendant’s challenged operations. The FTC alleged that Philip Flora 
sent more than 5 million unsolicited text messages — almost a million a week — to the 
mobile phones of U.S. consumers and that this was an unfair practice under Section 
5 of the FTC Act. 19 Many consumers who received Flora’s text messages — which 
typically advertised questionable mortgage loan modification or debt relief serv- 
ices — had to pay a fee each time they received a message. Many others found that 
Flora’s text messages caused them to exceed the number of messages included in 
their mobile service plans, thereby causing some consumers to incur additional 
charges on their monthly bill. 20 

4. Debt Collection Technology 

The impact of mobile technology is also evident in the debt collection industry. 
On April 28, the Commission hosted a forum that examined the impact of new tech- 
nologies on debt collection practices, including the technologies used to locate, iden- 
tify, and contact debtors. 21 Panelists discussed the consumer concerns that arise 
when collectors contact debtors on their mobile phones, and whether some appro- 
priate consumer consent should be required before a collector calls or sends text 
messages to a consumer’s mobile phone. Commission staff is considering and ana- 
lyzing the information received from the workshop and is preparing a summary re- 
port. 

5. Mobile Payments 

The use of mobile phones as a payment device also presents potential consumer 
protection issues. 22 As mentioned above, consumers can already charge goods and 
services, real or virtual, to their mobile telephone bills and app store accounts. 
Many other payment mechanisms and models are still developing, such as 
contactless payments systems that allow consumers to pay for products and services 
with the swipe of their smart phone. 23 Many, but not all, mobile payment systems 


17 Cecelia Kang, Lawmakers Urge FTC to Investigate Free Kids Games on iPhone, Washington 
Post (Feb. 8, 2011), available at www.washingtonpost.com / wp-dyn / content / article 12011 / 02 / 08 / 
AR2011020805721.html. 

18 Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, 15 U.S.C. 
§§7701-7713. 

19 FTC v. Flora, CV11-00299 (C.D. Cal.) (Compl. filed Feb. 22, 2011), available at 
www.ftc.govlopal2011l02lloan.shtm. The complaint also alleges that Flora sent over the Inter- 
net unsolicited commercial e-mail messages advertising his texting services. The e-mails did not 
include a valid opt-out mechanism and failed to include a physical postal address, in violation 
of the CAN-SPAM Act. In these e-mails, Flora offered to send 100,000 text messages for only 
$300. Further, the complaint charged that Flora deceptively claimed an affiliation with the Fed- 
eral Government in connection with the loan modification service advertised in the text mes- 
sages. 

20 While the financial injury suffered by any consumer may have been small, the aggregate 
injury was likely quite large. And, even for those consumers with unlimited messaging plans, 
Flora’s unsolicited messages were harassing and annoying, coming at all hours of the day. 

21 FTC Workshop, Debt Collection 2.0: Protecting Consumers as Technologies Change, available 
at www.ftc.gov / hep / workshops / debtcollectiontech / index.shtml. 

22 See Elizabeth Eraker, Colin Hector & Chris Hoofnagle, Mobile Payment: The Challenge of 
Protecting Consumers and Innovation, BNA, 10 Privacy & Security Law Report 212 (Feb. 7, 
2011 ). 

23 See Darin Contini, Marianne Crowe, Cynthia Merritt, Richard Oliver & Steve Mott, Retail 
Payments Risk Forum, Mobile Payments in the United States: Mapping Out the Road Ahead, 

(Mar. 25, 2011), available at www.frbatlanta.org/docwnents/rprf/rptf pubs / 110325_wp.pdf; 

Smart Card Alliance, Contactless Payment Growth and Evolution to Mobile NFC Payment are 

Continued 
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are tied to traditional payment mechanisms such as credit cards. Staff is monitoring 
this emerging area for potential unfair or deceptive practices. 

III. Privacy Issues in the Mobile Arena 

The rapid growth of new mobile services has provided enormous benefits to both 
businesses and consumers. At the same time, it has facilitated unprecedented levels 
of data collection, which are often invisible to consumers. 

The Commission recognizes that mobile technology presents unique and height- 
ened privacy and security concerns. In the complicated mobile ecosystem, a single 
mobile device can facilitate data collection and sharing among any entities, includ- 
ing wireless providers, mobile operating system providers, handset manufacturers, 
app developers, analytics companies, and advertisers. And, unlike other types of 
technology, mobile devices are typically personal to the user, almost always carried 
by the user and switched-on . 24 From capturing consumers’ precise location to their 
interactions with e-mail, social networks, and apps, companies can use a mobile de- 
vice to collect data over time and “revealf ] the habits and patterns that mark the 
distinction between a day in the life and a way of life .” 25 Further, the rush of on- 
the-go use, coupled with the small screens of most mobile devices, makes it espe- 
cially unlikely that consumers will read detailed privacy disclosures. 

In recent months, news reports have highlighted the virtually ubiquitous data col- 
lection by smartphones and their apps. Researchers have reported that both major 
smartphone platform providers collect precise location information from phones run- 
ning their operating systems to support their device location services . 26 The Wall 
Street Journal has documented numerous companies gaining access to detailed in- 
formation — such as age, gender, precise location, and the unique identifiers associ- 
ated with a particular mobile device — that can be used to track and predict con- 
sumers’ every move . 27 Not surprising, recent surveys indicate that consumers are 
concerned. For example, a recent Nielsen study found that a majority of smartphone 
app users worry about their privacy when it comes to sharing their location through 
a mobile device . 28 The Commission has addressed these issues through a combina- 
tion of law enforcement and policy initiatives, as discussed below. 

A. Mobile Privacy: Enforcement Actions 

The FTC’s privacy cases have challenged companies that fail to protect the pri- 
vacy and security of consumer information, including information obtained through 
mobile communications. Two recent cases highlight the application of the FTC’s pri- 
vacy enforcement to the mobile marketplace. 

First, the Commission’s recent case against Google alleges that the company de- 
ceived consumers by using information collected from Gmail users to generate and 
populate a new social network, Google Buzz . 29 The Commission charged that Gmail 
users’ associations with their frequent e-mail contacts became public without the 
users’ consent. As part of the Commission’s proposed settlement order, Google must 


Highlights as Smart Card Alliance /CTST Conference Opens (May 14, 2008), available at 
www.sjnartcardalliance.org / articles / 2008 / 05 / 14 / contactless-payment-growth-and-evolution-to- 
mobile-nfc-payment-are-highlights-as-smart-cai'd-alliance-ctst-conference-opens. 

24 See, e.g., Amanda Lenhart, Pew Internet & American Life Project, Adults, Cell Phones and 
Texting (Sept. 2, 2010), at 10, available at www.pewinternet.org/Reports/2010/Cell-Phones-and- 
American-Adults / Overview. aspx (“65 percent of adults with cell phones say they have ever slept 
with their cell phone on or right next to their bed”); Amanda Lenhart, Rich Ling, Scott Camp- 
bell, Kristen Purcell, Pew Internet & American Life Project, Teens and Mobile Phones (Apr. 20, 
2010), at 73, available at www.pewiJiternet.otg/Reports/2010/Teens-and-Mobile-Phojies/Chap- 
ter-3 / Sleeping-with-the-phone-on-or-near-the-bed.aspx (86 percent of cell-owning teens ages 14 
and older have slept with their phones next to them). 

25 Utiited States v. Maynard, 615 F.3d 544, 562 (D.C. Cir. 2010). 

26 See Julia Angwin & Jennifer Valentino-Devries, Apple, Google Collect User Data, Wall St. 
J. (Apr. 22, 2011), available at online.wsj.com / article / SB100014240527487039837045762771 
01723453610.html 

27 See, e.g., Robert Lee Hotz, The Really Smart Phone, Wall St. J. (Apr. 23, 2011), available 

at onlitie.wsj.com / article / SB1000 14240527 487 04547 60457 6263 261679848814.html (describing 

how researchers are using mobile data to predict consumers’ actions); Scott Thurm & Yukari 
Iwatane Kane, Your Apps are Watching You, Wall St. J. (Dec. 18, 2010), available at oji- 

line.wsj.com/article/SB1000142405 274870436800457602775 1867039730. httnl (documenting 

the data collection that occurs through many popular smartphone apps). 

28 NielsenWire, Privacy Please ! U.S. Smartphone App Users Concerned with Privacy When it 

Comes to Location (Apr. 21, 2011), available at blog.nielsen.com/nielsenwire/online mobile / pri- 

vacy-please-u-s-stnartphone-app-users-concerned-with-privacy-when-it-comes-to-location; see also 
Ponemon Institute, Stnartphone Security: Survey of U.S. Consumers (Mar. 2011), at 7, available 

at aa-dowJiload.avg.com/filedir/other/ Smariphotie.pdf (6 4 percent of consumers worry about 

being tracked when using their smartphones). 

29 Google, Inc., FTC File No. 102 3136 (Mar. 30, 2011) (consent order accepted for public com- 
ment), available at www.ftc.gov / opa / 2011 / 03 /google. shtm. 
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protect the privacy of all of its customers — including mobile users. For example, the 
order requires Google to implement a comprehensive privacy program and conduct 
independent audits every other year for the next 20 years. 

Second, in the Commission’s case against social networking service Twitter, the 
FTC alleged that serious lapses in the company’s data security allowed hackers to 
obtain unauthorized administrative control of Twitter. 30 As a result, hackers had ac- 
cess to private “tweets” and non-public user information — including users’ mobile 
phone numbers — and took over user accounts, among them, those of then-President- 
elect Obama and Rupert Murdoch. The Commission’s order, which applies to Twit- 
ter’s collection and use of consumer data, including through mobile devices or apps, 
prohibits future misrepresentations and requires Twitter to maintain reasonable se- 
curity and obtain independent audits of its security practices. 

FTC staff has a number of additional active investigations regarding privacy 
issues associated with mobile devices, including children’s privacy. 

B. Mobile Privacy: Policy Initiatives 

In late 2009 and early 2010, the Commission held three roundtables to examine 
how changes in the marketplace have affected consumer privacy and whether cur- 
rent privacy laws and frameworks have kept pace with these changes. 31 At one 
roundtable, a panel focused on the privacy implications of mobile technology. Par- 
ticipants addressed the complexity of data collection through mobile devices; the ex- 
tent and nature of the data collection, particularly with respect to location data; and 
the adequacy of privacy disclosures on mobile devices. 32 Based on the information 
received through the roundtables, FTC staff drafted a preliminary report (“Staff Re- 
port”) proposing a new privacy framework consisting of three main recommenda- 
tions, each of which applies to mobile technology. 33 

First, FTC staff recommended that companies adopt a “privacy by design” ap- 
proach by building privacy protections into their everyday business practices, such 
as not collecting or retaining more data than they need to provide a requested serv- 
ice or transaction. Thus, for example, if an app provides only traffic and weather 
information to a consumer, it does not need to collect call logs or contact lists from 
the consumer’s device. 

Second, staff recommended that companies provide simpler and more streamlined 
privacy choices to consumers. This means that all companies involved in data collec- 
tion and sharing through mobile devices — carriers, handset manufacturers, oper- 
ating system providers, app developers, and advertisers — should work together to 
provide such choices and to ensure that they are understandable and accessible on 
the small screen. The Staff Report also stated that companies should obtain affirma- 
tive express consent before collecting or sharing sensitive information, such as pre- 
cise location data. 

Third, the Staff Report proposed a number of measures that companies should 
take to make their data practices more transparent to consumers, including stream- 
lining their privacy disclosures to consumers. 

After releasing the Staff Report, staff received 452 public comments on its pro- 
posed framework, a number of which implicate mobile privacy issues specifically. 
FTC staff is analyzing the comments and will take them into consideration in pre- 
paring a final report for release later this year. 

C. Web Browsing and Do Not Track on Mobile Devices 

The Staff Report included a recommendation to implement a universal choice 
mechanism for online tracking, including for purposes of delivering behavioral ad- 
vertising, often referred to as “Do Not Track,” and a majority of the Commission 
has expressed support for such a mechanism. 34 Behavioral advertising helps support 


30 Twitter, Inc., FTC Docket No. C-4316 (Mar. 2, 2011) (consent order), available at 
www.ftc.gov / opa 1201 11031 twitter, shtm. 

31 See FTC, Exploring Privacy: A Roundtable Series, available at http : / / www.ftc.gov /bcp / 
workshops / privacyroundtables / index.shtml. 

32 Transcript of Roundtable Record, Exploring Privacy: A Roundtable Series (Jan. 28, 2010) 

(Panel 4, “Privacy Implication of Mobile Computing”), at 238, available at http: I / www.ftc.gov / 
bcp I workshops / privacyroundtables I PrivacyRoundtable_Jan2010 Transcript.pdf. 

33 See FTC Preliminary Staff Report, Protecting Consumer Privacy in an Era of Rapid Change: 
A Proposed Framework for Businesses and Policymakers (Dec. 1, 2010), available at http:/ j 
ftc.gov / os / 2010 / 12 / 101201privacyreport.pdf. Commissioners William E. Kovacic and J. Thomas 
Rosch issued concurring statements available at http://ftc.gov/os/2010/12/101201privacy 
report.pdf at Appendix D and Appendix E, respectively. 

34 See FTC Staff Report, supra note 33; see also Do Not Track: Hearing Before the Subcomm, 
on Commerce, Trade and Consumer Prot. of the H. Comm, on Energy ana Commerce, 111th 
Cong. (Dec. 2, 2010), available at www.ftc.gov / os / testimony / 101202donottrack.pdf ( statement of 
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online content and services, and many consumers may value the personalization 
that it offers. However, the third-party tracking that underlies much of this adver- 
tising is largely invisible to consumers, some of whom may prefer not to have their 
personal browsing and searching information collected by companies with which 
they do not have a relationship. 

The FTC repeatedly has called on stakeholders to develop and implement better 
tools to allow consumers to control the collection and use of their online browsing 
data, 35 and industry and other stakeholders have responded. In recent months a 
number of browser vendors — including Microsoft, Mozilla, and Apple — have an- 
nounced that the latest versions of their browsers include, or will include, the ability 
for consumers to tell websites not to track their online activities. 36 Additionally, last 
month the World Wide Web Consortium 37 held a two-day workshop at which par- 
ticipants including academics, industry representatives, and privacy advocates dis- 
cussed how to develop standards for incorporating “Do Not Track” preferences into 
Internet browsing. 38 The online advertising industry has also made important 
progress in this area. For example, the Digital Advertising Alliance, an industry co- 
alition of media and marketing associations, is launching an enhanced notice pro- 
gram that includes an icon embedded in behaviorally targeted ads. 39 When con- 
sumers click on the icon, they can see more information about how the ad was tar- 
geted and delivered to them and are given the opportunity to opt out of receiving 
such ads, although collection of browsing information could continue. 

These recent industry efforts to improve consumer control are promising, but they 
are still in the early stage and their effectiveness remains to be seen. As industry 
continues to explore technical options and implement self-regulatory programs and 
Congress continues to examine Do Not Track, five critical principles should be con- 
sidered to make any Do Not Track mechanism robust and effective. Do Not Track 
should (1) be universal; (2) be easy to find and use; (3) be enforceable; (4) ensure 
that consumer choices are persistent; and (5) not only allow consumers to opt out 
of receiving targeted advertising, but also allow them to opt out of collection of be- 
havioral data for all purposes that are not commonly accepted. 40 

The Staff Report asked whether Do Not Track should apply in the mobile context. 
At least for purposes of Web browsing, the issues surrounding implementation of Do 


the FTC, Commissioner Kovacic dissenting). Commissioner Kovacic believes that the endorse- 
ment of a Do Not Track mechanism by staff (in the report) and the Commission (in this testi- 
mony) is premature. See FTC Staff Report, App. D. Commissioner Rosch supported a Do Not 
Track mechanism only if it were “technically feasible” and implemented in a fashion that pro- 
vides informed consumer choice regarding all the attributes of such a mechanism. See id., App. 
E. To clarify, Commissioner Rosch continues to believe that a variety of questions need to be 
answered prior to the endorsement of any particular Do Not Track mechanism, including the 
consequences of the mechanism for consumers and competition. 

35 See, e.g., The State of Online Consumer Privacy, Hearing Before the S. Comm, on Commerce, 
Science & Transportation, 112th Cong. (Mar. 16, 2011), available at www.ftc.gov / os / testimony / 
110316consumerprivacysenate.pdf ( statement of the FTC, Commissioner Kovacic dissenting); Do 
Not Track: Hearing Before the Subcomm. on Commerce, Trade and Consumer Prot. of the H. 
Comm, on Energy and Commerce, 111th Cong. (Dec. 2, 2010), available at www.ftc.gov / os / testi- 
mony / 101202donottrack.pdf (statement of the FTC, Commissioner Kovacic dissenting); see also 
FTC Staff Report: Self-Regulatory Principles for Online Behavioral Advertising (Feb. 2009), 
available at www.ftc.gov /os / 2009 / 02 / P085400behavadreport.pdf. 

36 See Press Release, Microsoft, Providing Windows Customers with More Choice and Control 
of Their Privacy Online with Internet Explorer 9 (Dec. 7, 2010), available at www.microsoft.com/ 
presspass / features / 2010 / dec 10 / 12-07 ie9privacyqa.mspx; Mozilla Blog, Mozilla Firefox 4 Beta, 
Now Including “Do Not Track” Capabilities, blog.mozilla.com / blog / 2011 / 02 / 08 / mozilla- fire fox- 
4-beta-now-including-do-not-track-capabilities / (Feb. 8, 2011); Nick Wingfield, Apple Adds Do- 
Not-Track Tool to New Browser, Wall St. J. (Apr. 14, 2011), available at online.wsj.com / article / 
SB10001424052748703551304576261272308358858.html. 

37 The World Wide Web Consortium (W3C) is an international community whose “mission is 
to lead the World Wide Web to its full potential by developing protocols and guidelines that en- 
sure the long-term growth of the Web.” See www.w3.org/Consortium/mission.html. 

38 See www.w3.org / 2011 / track-privacy / . This event followed a joint proposal by Stanford Law 
School’s Center for Internet and Society and Mozilla for a header-based Do Not Track mecha- 
nism submitted to the Internet Engineering Task Force. See Do Not Track: A Universal Third- 
Party Web Tracking Opt Out (Mar. 7, 2011), available at tools.ietf.org/html/draft-mayer-do-not- 
track-00; see also Mozilla Makes Joint Submission to IETF on DNT, available at firstperson 
cookie, wordpress.com / 201 1/03/09 / mozilla-makes-joint-submission-to-ietf-on-dnt / . 

39 See Interactive Advertising Bureau Press Release, Major Marketing Media Trade Groups 
Launch Program to Give Consumers Enhanced Control over Collection and Use of Web Viewing 

Data for Online Behavioral Advertising (Oct. 4, 2010), available at www.iab.net/about 

the iab / recent press releases / press release archive / press release / pr-1 004 1 0. 

40 For more detail concerning these five principles, see The State of Online Consumer Privacy, 
Hearing Before the S. Comm, on Commerce, Science & Transportation, supra note 35, at 16— 
17. 
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Not Track are the same on mobile devices and desktop computers. On both types 
of devices, the user could assert a Do Not Track choice, the browser would remem- 
ber this choice, and the browser would send the Do Not Track request to other 
websites visited. The technology underlying mobile apps, however, differs in some 
respects from Web browsing (apps run outside of the browser, unlike websites), and 
thus the Staff Report has asked for comment about the application of Do Not Track 
to mobile apps, and FTC staff is currently examining the technology involved in a 
Do Not Track mechanism for mobile apps. 

Chairman Rockefeller has introduced Do Not Track legislation that would address 
desktop and mobile services. 41 The Commission supports the fundamental goals of 
this legislation — to provide transparency and consumer choice regarding tracking. 
Although the Commission has not taken a position on whether there should be legis- 
lation in this area, the Commission supports the approach in the proposed legisla- 
tion, which would consider a variety of factors in implementing a Do Not Track 
mechanism, including the scope of the Do Not Track standard, the technical feasi- 
bility and costs, and how the collection of anonymous data would be treated under 
the standard. Indeed, the Commission agrees that any legislative mandate must 
give careful consideration to these issues, along with any competitive implications, 
as part of the Do Not Track rulemaking process. We would be pleased to work with 
Chairman Rockefeller, the Committee and Committee staff as they consider these 
important issues. 

D. Children’s and Teens’ Mobile Privacy 

The Commission has a long history of working to protect the privacy of young peo- 
ple in the online environment. In recent years, the advent of new technologies and 
new ways to collect data, including through mobile devices, has heightened concerns 
about the protection of young people when online. 

1. Children’s and Teen’s Use of Mobile Technology 

Children’s and teens’ use of mobile devices is increasing rapidly — in 2004, 45 per- 
cent of 12 to 17 year-olds had a cell phone; by 2009, that figure jumped to 75 per- 
cent. 42 Many young people are using their phones not just for calling or sending text 
messages, but increasingly for sending e-mails, Web browsing, and using a host of 
apps that enable them to access social networks and make online purchases. 43 They 
are also using relatively new mobile apps that raise privacy concerns such as loca- 
tion-based tracking. 44 Even very young children have embraced these new tech- 
nologies. In one study, two-thirds of the children ages 4-7 stated they had used an 
iPhone, often one owned by a family member and handed back to them while riding 
in an automobile. 45 

2. Enforcement of the Children’s Online Privacy Protection Rule 

The Commission actively engages in law enforcement, consumer and business 
education, and rulemaking initiatives to ensure knowledge of, and adherence to, the 
Children’s Online Privacy Protection Rule (“COPPA Rule”), issued pursuant to the 
Children’s Online Privacy Protection Act of 1998. 46 The COPPA Rule requires opera- 
tors of interactive websites and online services directed to children under the age 
of 13, as well as operators of general audience sites and services having knowledge 
that they have collected information from children, to provide certain protections. 
In the past 10 years, the Commission has brought 16 law enforcement actions alleg- 
ing COPPA violations and has collected more than $6.2 million in civil penalties. 

Just last week, the Commission announced its largest civil penalty in a COPPA 
action, a $3 million settlement against Playdom, Inc. The Commission alleged that 
the company, a leading developer of online muiti-player games, as well as one of 
its executives, violated COPPA by illegally collecting and disclosing personal infor- 
mation from hundreds of thousands of children under age 13 without their parents’ 


41 Do Not Track Online Act of 2011, S. 913, 112th Cong. (2011) 

42 Amanda Lenhart, Rich Ling, Scott Campbell, Kristen Purcell, Pew Internet & American 
Life Project, Teens and Mobile Phones (Apr. 20, 2010), at 2, available at www.pewinternet.org / 
- / media / / Files / Reports 12010 / PIP-Teens-and-Mobile-201 0.pdf. 

43 /d. 

44 Nielsen, How Teens Use Media (June 2009), available at blog.nielsen.com / nielsenwire / re- 
ports / nielsen howteensusemedia june09.pdf. 

45 Cynthia Chiong & Carly Shuler, Joan Ganz Cooney Center, Learning: Is there an App for 

that? (Nov. 2010), at 15, available at www.joanganzcooneycenter.org/upload kits/learning 

apps final 110410.pdf. 

46 The Commission’s COPPA Rule is found at 16 C.F.R. Part 312. The COPPA statute is found 
at 15 U.S.C. § 6501 et seq. 
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prior consent. 47 While the allegations against Playdom do not specifically include 
the collection of information via mobile communications, the order, like all previous 
COPPA orders, applies to future information collected from children, whether it is 
collected via a desktop computer or a mobile computing device. 

3. Review of the COPPA Rule 

In April 2010, the Commission accelerated its review of the COPPA Rule, asking 
for comment on whether technological changes in the online environment warrant 
any changes to the Rule or to the statute. 48 In June 2010, the Commission also held 
a public roundtable to discuss the implications for COPPA enforcement raised by 
new technologies, including the rapid expansion of mobile communications. 49 

While the Rule review is ongoing, public comments and roundtable remarks re- 
veal widespread consensus that the COPPA statute and the Rule were written 
broadly enough to encompass most forms of mobile communications without the 
need for statutory change. 50 For example, current technologies such as mobile appli- 
cations, interactive games, voice-over-internet services, and social networking serv- 
ices that access the Internet or a wide-area network are “online services” covered 
by COPPA. 51 There was less consensus as to whether certain mobile communica- 
tions such as text messages are “online services” covered by COPPA. Certain com- 
menters indicated that, depending on the details of the texting program — and pro- 
vided that personal information is collected — COPPA could cover such programs. 52 
Other commenters maintained that text messages cross wireless service providers’ 
networks and short message service centers, not the public Internet, and that there- 
fore such services are not Internet-based and are not “online services. 53 Commission 
staff is assessing new technologies to determine whether they are encompassed by, 
and conducted in accordance with, COPPA’s parameters. 

4. Consumer Education Initiatives for Children and Teens 

The FTC has launched a number of education initiatives designed to encourage 
consumers of all ages to use technology safely and responsibly. In particular, the 
Commission’s educational booklet, Net Cetera: Chatting with Kids About Being On- 
line, 54 provides practical tips on how parents, teachers, and other trusted adults can 
help children of all ages, including teens and pre-teens, reduce the risks of inappro- 
priate conduct, contact, and content that come with living life online. Net Cetera fo- 
cuses on the importance of communicating with children about issues ranging from 
cyber bullying to sexting, social networking, mobile phone use, and online privacy. 
The Commission has partnered with schools, community groups, and local law en- 
forcement to publicize Net Cetera, and the agency has distributed more than 7.8 mil- 


47 United States v. Playdom, Inc., No. SACV11-00724 (C.D. Cal.) (final stipulated order filed 
May 11, 2011), available at www.ftc.gov / opa / 2011 / 05 / playdom. shtm. 

48 See 75 Fed. Reg. 17,089 (Apr. 5, 2010). Although, of course, the Commission does not have 
the authority to amend the statute, it could recommend changes to Congress if warranted. Com- 
mission staff anticipates that proposed changes to the COPPA Rule, if any, will be announced 
in the next few months. 

49 Information about the June 2, 2010 COPPA Roundtable is located at http : / / www.ftc.gov / 
bcp / workshops / coppa / index.shtrnl. The public comments submitted in connection with the 
COPPA Rule review are available at http://www.ftc.gov/os/comrnents/copparulerev2010/ 
index.shtm. 

50 See, e.g., Comment of Center for Democracy and Technology (July 1, 2010), at 2, available 
at http://wivw.ftc.gov/os/comments/copparulerev2010/547597-00049-54858.pdf, Transcript of 
Roundtable Record, COPPA Rule Review Roundtables (June 2, 2010), at 14, (remarks of Ed 
Felten, Center for Information Technology Policy), available at http: / / www.ftc.gov /bcp / work- 
shops / coppa / COPPARideReview Transcript. p df (hereinafter “COPPA Transcript”). 

51 The statute’s definition of “Internet,” covering the “myriad of computer and telecommuni- 

cations facilities, including equipment and operating software, which comprise the inter- 
connected world-wide network of networks that employ the Transmission Control Protocol/Inter- 
net Protocol,” is plainly device neutral. 15 U.S.C. §6502(6). In addition, the statutory use of the 
terms “website located on the Internet” and “online service,” although undefined, is broadly un- 
derstood to cover content that users can access through a browser on an ordinary computer or 
a mobile device, and services available over the Internet or that connect to the Internet or a 
wide-area network. See Comment of AT&T, Inc. (July 12, 2010), at 5, available at www.ftc.gov/ 
os / comments / copparulerev2010 / 547597-00074-54989.pdf; Comment of Spratt (Apr. 18, 2010), 
available at www.ftc.gov/os/comments/copparulerev2010 / 547597-00004.html', COPPA Tran- 

script, supra note 50, at 15 (remarks of Ed Felten). 

52 See COPPA Transcript, supra note 50, at 27—28 (remarks of Ed Felten). 

53 See Comment of CTlA (June 30, 2010), at 2—5, available at www.ftc.gov/os/comrnents/ 
copparulerev2010l547597-00039-54849.pdf (citing the Federal Communications Commission’s 
rules and regulations implementing the CAN-SPAM Act of 2003 and the Telephone Consumer 
Protection Act of 1991, finding that phone-to-phone SMS is not captured by Section 14 of CAN- 
SPAM because such messages do not have references to Internet domains). 

54 Net Cetera is available online at www.onguardonline.gov/pdf/tec04.pdf. 
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lion print copies of the guide since it was introduced in October 2009. FTC staff are 
currently developing additional consumer education materials focused on mobile 
issues. 

IV. Conclusion 

The Commission is committed to protecting consumers, including children and 
teens, from unfair and deceptive acts in the burgeoning mobile marketplace. This 
dedication is reflected in the Commission’s recent law enforcement actions and ongo- 
ing investigations, policy initiatives, and investment of resources to augment its mo- 
bile technical expertise and investigative tools. Protecting the privacy and security 
of consumer information is a critical component of the Commission’s focus on mobile 
technologies and services. We will continue to bring law enforcement actions where 
appropriate and work with industry and consumer groups to develop workable solu- 
tions that allow companies to continue to innovate and give consumers the new 
products and services they desire. 

Senator Pryor. Thank you very much. 

And because we have a full committee here, almost a full sub- 
committee, I am going to just ask a couple of questions, then I will 
turn it over to my colleagues. 

Thank you very much, Mr. Vladeck, for being here. You men- 
tioned that this is a small-screen world. And even when you have 
a large screen and you get all these privacy notices and agreements 
that are online, et cetera, there is a lot of verbiage there you have 
to go through. So it seems to me that we have a particular chal- 
lenge in the small-screen world to have meaningful disclosure. 

Have you given that much thought, and do you have a solution 
on that? 

Mr. Vladeck. Well, we have addressed this issue in our privacy 
report, and one of the reasons why we did this privacy rethink at 
the outset was because even on big screens, privacy policies are 
often indecipherable to consumers. And simply translating that to 
the smartphone world, where a consumer might have to click 
through a dozen, two or three dozen screens to read a privacy pol- 
icy, doesn’t make sense. 

We have called for simple, clear, and concise disclosures that can 
tell consumers — that tell consumers the fundamental information 
they need to know — what data is being taken, for what purpose, 
and by whom. Those are the three essential questions, and we 
think — I am sorry? 

Senator Pryor. So bottom-line disclosure is what you mean? 

Mr. Vladeck. Bottom-line disclosure just in time. 

Senator Pryor. Mm-hmm. OK. And let me ask about the geo- 
tracking capability? Is there a purpose for that? I mean, is there 
a legitimate business reason why geo-tracking would be available 
in some apps? 

Mr. Vladeck. Well, in some apps, if you are using a map func- 
tion, geolocation tracking will enhance functionality. That doesn’t 
explain why other apps that do not need geolocation data for 
functionality are, nonetheless, pulling down geolocation data. 

And that is part of the problem. You are given a prompt on some 
phones, do you want to share your geolocation data? If you say no, 
you can’t use the app. 

And that gets back to Senator Kerry’s point. You want 
functionality, but you also want to know who else may be getting 
access to that data. Is that access just being used to enhance the 
functionality, or is it then being sent to analytics companies and 
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ad networks and advertisers and so forth? That information is cur- 
rently not available to consumers. 

Senator Pryor. And my experience has been when I talk to peo- 
ple about this, they have no clue that this data is being trans- 
mitted or shared with anyone. They have no idea. Do you have any 
statistics on what people know now? I mean, is there any way to 
know exactly what people understand about this data right now? 

Mr. Vladeck. There have been surveys, and the surveys confirm 
your impression, which is most people don’t know. And there is a 
reason for that. People are not told with whom the data is going 
to be shared. And so, it is hard to point the finger at the consumer. 
The consumer just has no way of knowing that on most apps. 

Senator Pryor. Thank you. 

Now the order that I was going to call on folks, Chairman Rocke- 
feller, and then we will do the early bird rule. Senator Kerry — no, 
you are not at the end. You should be at the end, but you are not 
at the end. Senator Kerry, Senator Klobuchar, and I know Senator 
Heller just stepped out, and Senator Blunt. 

So, Mr. Chairman? 

Senator Rockefeller. OK. Since 2000, COPPA has been in ef- 
fect. It prohibits companies from targeting children 12 years old or 
younger. It is widely disregarded. Do you agree? 

Mr. Vladeck. I don’t know whether I would agree with that. We 
do fairly aggressive enforcement under COPPA. Last week, we an- 
nounced a settlement against Playdom, one of the largest children’s 
gaming companies, for a civil penalty of $3 million, the largest civil 
penalty by three times 

Senator Rockefeller. Well, they were disregarding it at least? 

Mr. Vladeck. They were disregarding it, and the order applies 
not simply to the Internet, but for T-Mobile 

Senator Rockefeller. The idea would be that this would not be 
available without parents’ consent. Is that correct? 

Mr. Vladeck. It shouldn’t have been available. That is correct. 
The violation there was not — was retaining information without pa- 
rental consent. 

Senator Rockefeller. OK. So if you get a lot of software appli- 
cations available for popular mobile devices, such as iPhone or An- 
droid phone, they qualify, in my mind, as an online service. I am 
not sure they qualify in their mind as an online service. Could you 
talk about that? 

Mr. Vladeck. Well, we held a workshop in June of last year to 
discuss exactly these issues. And I think there was widespread con- 
sensus that, for example, to use your illustration, that mobile apps 
would be an online service and, therefore, would be covered by 
COPPA. And we have reinforced that with our order in Playdom, 
which makes it quite clear that mobile delivery of these apps is 
covered by our order and is subject to COPPA. 

Senator Rockefeller. And that act requires — you have to pro- 
vide conspicuous notice on what personal information is being col- 
lected and how it is being used. 

Mr. Vladeck. That is what the statute says. 

Senator Rockefeller. That is under the law — receive parental 
consent and provide parents with access to all information being 
collected about their kids. 
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Now, any of these provisions, a violation of any of them, con- 
stitutes a very bad thing under the Federal Trade Commission’s 
act. So the question is such violations are subject to civil penalties. 
How much do you go after these folks? 

Mr. Vladeck. Well, as I said, we have done quite a number of 
COPPA cases lately, and we have a number of investigations ongo- 
ing into the mobile space, including apps directed at children. 

Senator Rockefeller. All right. I presume you believe that apps 
directed at kids under 13 are covered by COPPA? 

Mr. Vladeck. That is correct. 

Senator Rockefeller. According to news reports, apps designed 
to appeal to kids, one with cartoon characters and games, are col- 
lecting information at times without adequate disclosure. Would 
you agree? 

Mr. Vladeck. I believe that is correct. 

Senator Rockefeller. Now, COPPA has been a very effective 
tool to protect children’s privacy online. Mr. Vladeck, given the 
growth in mobile applications, the increasing use of mobile devices 
by children even to the age of 4, what is the FTC doing to make 
sure that apps are compliant with COPPA? 

Mr. Vladeck. Well, we are doing two things. One is, as I men- 
tioned before, we are looking for good enforcement targets in this 
space. And we will be bringing other enforcement cases. 

Senator Rockefeller. What do you mean by “looking for good 
enforcement?” 

Mr. Vladeck. Cases like Playdom, which involved substantial 
violations of the act. In Playdom, literally hundreds of thousands 
of kids were playing these online games. And part of what we do 
in our enforcement is try to send a clear message to industry. 

Playdom was a very big player in this field. It was owned — re- 
cently acquired by the Disney Corporation, so 

Senator Rockefeller. OK. So the FTC testified before this com- 
mittee last year on your plans to review COPPA rules. One of the 
issues discussed at that hearing was the rules’ applicability to the 
mobile apps. The comment period closed in last July. 

Mr. Vladeck. That is correct. 

Senator Rockefeller. And so, that is, I think, about a year 
later. So I am kind of curious as to what you are doing to make 
up for this lost 10 V 2 months. 

Mr. Vladeck. With all respect, the time has not been lost. These 
raise very difficult public policy issues, and we want to get this 
right. And so, you can expect something — you know, we hope to get 
something out in the next couple of months. 

Senator Rockefeller. I hear that so often in government. Peo- 
ple have to put out rules. They have to put out regulations. We 
hope to get that out in several months, but in the meantime, every- 
thing is OK. I am a bit skeptical. 

Mr. Vladeck. I am not saying everything is OK, Mr. Chairman. 
Please understand that 

Senator Rockefeller. But you implied that you are being active 
in the meantime, and all I am saying is get the rules out. 

Mr. Vladeck. We hear you loud and clear. 

Senator Rockefeller. Thank you. 

Senator Pryor. Thank you. 
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Senator Kerry? 

Senator Kerry. Thank you very much, Mr. Chairman. 

Mr. Vladeck, thanks for being here. 

To what degree is it true that right now, absent some kind of 
promise to the contrary, any kind of company or a mobile phone 
or an app operator, hotel, website, whatever it is, that they can do 
whatever they want with the personal information that they have 
collected, and the individual would have no right whatsoever to tell 
them to stop or to control what they are doing with the informa- 
tion? 

Mr. Vladeck. Well, if you are asking what the individual could 
do, that may be a question of State law and Federal law. If you 
are asking what the Federal Trade Commission can do, our prin- 
cipal tools are deception and unfairness. 

In the absence of a privacy policy, it makes things more difficult 
for us because our jurisdictional hook would be the unfairness 
prong — generally — would be the unfairness prong of our authority. 
And while I wouldn’t rule out our ability to take enforcement ac- 
tions in the absence of any commitment through a private policy 
or any other statement, it would make things more difficult for us. 

Senator Kerry. Do you know of a law or do you know of a stand- 
ard in some state that has been applied 

Mr. Vladeck. I don’t know. I have never taken a comprehensive 
look at that question. 

Senator Kerry. You guys have not actually surveyed that to de- 
termine what kind of rights people may have? 

Mr. Vladeck. When I say “me,” I was speaking just for myself. 
It may well be that our staff has done that. And if so, we would 
be glad to provide 

Senator Kerry. Could you find out and let us know? 

Mr. Vladeck. Yes. I will be glad to provide that to you. Yes, sir. 

Senator Kerry. Whether or not you have. 

You raised this question of where the FTC can go with respect 
to an unfair trade practice, which is essentially saying that if some- 
body makes a promise to the consumer, but they do something 
other than the promise, you have a right to come in and do some- 
thing. Absent that, do you have any capacity to assure compliance 
across the hundreds of thousands of different companies in the 
country with respect to privacy for consumers? 

Mr. Vladeck. We do if the practice is an unfair one under our 
statute. And 

Senator Kerry. What is the definition of that? What would the 
standard be that would be applied to that? 

Mr. Vladeck. Well, it would have to cause or threaten to cause 
injury to consumers that the consumers themselves could not avoid 
and that the cost to consumers would outweigh whatever benefits 
that might accrue to the 

Senator Kerry. Well, have you made any judgment as to broadly 
whether or not, in fact, it is unfair, per se, for this information to 
be given to a third party, for instance? 

Mr. Vladeck. We have not made that 

Senator Kerry. Why would that not be something you would 
want to think about? 
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Mr. Vladeck. Well, let me digress. We have made that argu- 
ment, for example, in the data security area. For example, if there 
is a data security breach and your personal information is shared 
as a result of the breach, we apply our unfairness standard in 
those kinds of cases because you have been injured, you could not 
reasonably avoid it, and the benefits to the company certainly don’t 
outweigh the cost to you. 

And that — I am sorry. 

Senator Kerry. No, that is all right. I just — unfortunately, time 
is short. But I want to just try to hone in on some of the things 
that are sort of out there. 

Supposing you have a Government entity and Government infor- 
mation would be a separate committee and a separate set of con- 
cerns, but in a private company and a private individual in some 
kind of right of action, what kind of rights might people have here? 

For instance, in a divorce proceeding, could one spouse or the 
other use information from a third party, or would they have rights 
to that in some way? Do we know the answer to that? 

What about a company against an employee, and the employee 
has been fired for certain practices in the company and you want 
a trace on the company’s phone? Do they have any — or their phone, 
either way? 

Mr. Vladeck. You have just sort of chronicled all of the reasons 
why we think geolocation data is so special and so important. Be- 
cause under State law, those kinds of things may be available, or 
there may be no inhibition to sharing them. 

And largely because of the examples that you have given, we 
think geolocation data ought to be treated as special data, just as 
data about children, health, finances, data that deserves special 
protection. 

Senator Kerry. And with respect to Do-Not-Track, Do-Not-Track 
applies to third party. Is that correct? 

Mr. Vladeck. The way we have defined it in our proposal, yes. 
When you move across websites and you are tracked, that is what 
we consider to be third-party tracking. 

Senator Kerry. So are apps that are operating on iPhones or on 
Android phones first parties or third parties? 

Mr. Vladeck. Well, I think it, again, depends on how the app 
functions. If you pick up the New York Times app on your phone 
and you are reading the New York Times, if you then — you know, 
if you then click on the Facebook Like button, then it raises dif- 
ficult questions. 

Senator Kerry. But the bottom line is if they are treated as a 
first party, then Do-Not-Track would not apply any new standard 
whatsoever with respect to privacy protection for that particular 
app. Correct? 

Mr. Vladeck. That is correct. Right. If you are not moving across 
websites. But on some apps you can do that, and that is why the 
implementation of Do-Not-Track for apps, not for mobile browsers, 
but for apps, raises different implementation questions. 

Senator Kerry. That is why, Mr. Chairman, I just wanted to un- 
derscore the need for the sort of broader — there are any numbers 
of reasons, but I think this helps to underscore why you need that 
basic standard and code of privacy. 
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And, well, I will come back to that another time, but I thank you 
for the time. 

Senator Pryor. Thank you, Senator Kerry. 

Senator Klobuchar? 

STATEMENT OF HON. AMY KLOBUCHAR, 

U.S. SENATOR FROM MINNESOTA 

Senator Klobuchar. Thank you very much, Mr. Chairman. 

I have a statistic. It is not nearly as sexy as Chairman Rocke- 
feller’s statistic that 72 percent of people sleep with their cell 
phones, something I just can’t get over. 

But this statistic shows that nearly three-quarters of consumers 
are uncomfortable with advertising tracking, and 77 percent don’t 
want to share their location data with app owners and developers. 
And that is why I believe we need some rules of the road. Senator 
Kerry mentioned the bill that we have been working on. 

I also believe that we need to make sure that we are going after 
bad actors and people who hack in. I am working on a bill with 
Senator Hatch on cloud computing that we are going to put out 
shortly. 

And the third is that personal choice also plays a role here. Some 
consumers may be more comfortable with more data sharing than 
others, but we have to make sure that they are the ones that are 
able to make that choice. And that gets to my first question here 
about privacy choices to consumers. 

Currently, how simple and clear is the typical privacy policy to 
the average consumer, Mr. Vladeck? 

Mr. Vladeck. Not much, not very. 

Senator Klobuchar. OK. And how valuable do you believe a 
streamlined privacy policy agreement would be when — moving for- 
ward, if we try to set some best practices? 

Mr. Vladeck. Well, we discuss this in great detail in our privacy 
report. But to distill it down to its essence, we think that privacy 
policy, at least those particularly on smartphones, need to be short, 
clear, and concise. And they ought to be delivered just when the 
decision about using the app or sharing information is made. 

Senator Klobuchar. And that isn’t the truth right now? 

Mr. Vladeck. That is not generally the way they are delivered 
at the moment. 

Senator Klobuchar. OK. And second, and Senator Kerry was 
touching on this, but I know one of the most popular things in our 
household that Congress did was the “do not call” registry many 
years ago. And now we are looking with Senator Rockefeller at this 
idea of Do-Not-Track for mobile phones. What kind of feedback 
have you received from consumers on the Do-Not-Track? 

Mr. Vladeck. We have gotten positive response not just from 
consumers, who overwhelming support a Do-Not-Track feature, but 
as you may know, both the browser manufacturers and the adver- 
tisers are also gravitating to Do-Not-Track. 

I think no one — it is hard to argue in favor of a business model 
that depends on deceiving consumers. And so, I think there is a 
great deal of movement toward giving consumers easy-to-use, easy- 
to-find controls over their own data. 
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Senator Klobuchar. And what do you see as the challenges in 
implementing Do-Not-Track on mobile devices? 

Mr. Vladeck. Well, I think the only challenge, as you put it, is 
implementation of Do-Not-Track on the apps. On browsers, the 
technology would be the same. And one of the reasons why we 
brought on technologists like Ed Felten, who is a Princeton com- 
puter science professor, is to help us work through the implementa- 
tion issues. 

Senator Klobuchar. And how does the FTC’s proposal differ 
from what Apple and Google are currently doing with their 
smartphone operating system? 

Mr. Vladeck. On Do-Not-Track? I am sorry. 

Senator Klobuchar. On Do-Not-Track. 

Mr. Vladeck. Well, they would differ significantly. I mean, the 
problem that we face now is that there are browsers that are being 
adapted to essentially try to clear cookies and send out signals to 
advertisers basically saying, “Don’t track us.” But until the adver- 
tisers agree to be bound by this and sign up in significant numbers, 
you know, if that doesn’t happen, Senator Rockefeller’s bill has 
started the clock. 

I think that the business community knows that, at some point, 
sooner or later there will be a Do-Not-Track requirement. And so, 
I think they are trying to figure out how to do this. 

Senator Klobuchar. OK. And last question, does the FTC cur- 
rently have the authority that you believe that you need to promul- 
gate regulations in this ever-changing and ever more sophisticated 
world? And do we need to do anything more here? I mentioned a 
lot of things that we are looking at with bills, but in terms of just 
giving you authority. 

Mr. Vladeck. Well, let me answer the question in two ways. 
First is we do not currently have normal APA rulemaking author- 
ity. So we do not really have the capacity today to promulgate reg- 
ulations in this area. 

Second, though, I would say our commission has not sought that 
specific authority from Congress. I can’t speak for the commission 
on that issue. 

Senator Klobuchar. All right. 

Mr. Vladeck. Thank you. 

Senator Klobuchar. Thank you very much. 

Senator Pryor. Thank you. 

Senator Blunt? 

STATEMENT OF HON. ROY BLUNT, 

U.S. SENATOR FROM MISSOURI 

Senator Blunt. Thank you, Chairman. 

Just two or three questions. One, with Do-Not-Track, how would 
apps work? For an app to work, don’t you have to track? 

Mr. Vladeck. There are apps that — when we say track in the 
mobile 

Senator Blunt. Maybe apps is too broad a term. But for a lot of 
apps to work, don’t you have to track? 

Mr. Vladeck. Well, again, there is a confusion about tracking in 
the mobile because it takes on two meanings. One is being followed 
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you as go from one website to another. That is tracking on the 
Internet. 

Senator Blunt. Right. 

Mr. Vladeck. Of course, in the mobile, there is an additional 
complexity because you can be physically tracked. 

Senator Blunt. I guess that is what I am asking. 

Mr. Vladeck. And that is why — I am sorry, that is why I di- 
gressed. 

Senator Blunt. But thank you. That helps me to 

Mr. Vladeck. Senator, yes. For many apps that use geolocation 
data for functionality purposes, you need to enable the geolocation 
figures on your phone to use that. 

Our concern is not with respect to the app developer pulling 
down geolocation data, for example, to make sure the map function 
on your phone worked. It is that there are other apps that are pull- 
ing down geolocation data which has no relation at all to 
functionality. 

And oftentimes, the consumer is unaware that the geolocation 
data is being pulled down, or that once it is being pulled down, it 
is being shared with ad networks, analytic companies, and this eco- 
system behind the screen the consumers are unaware of. 

Senator Blunt. In rulemaking, how hard would it be, do you 
think, to define, to reach that definition to where you are not allow- 
ing tracking for some things, but you understand it has to happen 
for others? 

Mr. Vladeck. Well, I think that the litmus test would be 
functionality. As I just explained, we don’t have rulemaking au- 
thority in this area. So to the extent there are definitional ques- 
tions that need to be resolved across the board, industry is going 
to have to do that, or this body will have to do that. 

Senator Blunt. These questions about employees and divorce 
cases and things like that, how is this geolocating data retained? 
Is it retained in a way that you really could go back and sort out 
with the individual involved not being — agreeing to that, where 
they had been for some significant period of time or not? 

Mr. Vladeck. Well, I mean, there are State law cases involving 
divorce and other issues in which geolocation data has been sub- 
poenaed from not just the wireless companies, but from other com- 
panies and been used in court proceedings. So, yes. The analytic 
data 

Senator Blunt. Has been done and can be done is what 

Mr. Vladeck. I believe that is the case, sir. 

Senator Blunt. What about data security breach, something else 
you mentioned. Is that more likely within the current environment 
than if you had a lot of privacy signoffs and opt out and all of that 
sort of thing? 

Mr. Vladeck. Well, the Commission has long called for legisla- 
tion to enhance both the privacy protections, the safeguards compa- 
nies are required to use when they store sensitive information, 
such as geolocation data, and to give public notice of breaches. 

Now the concern we have is that the more data of this kind, data 
that is really special because the consequence of disclosure can be 
serious, the more companies need to protect that data and to safe- 
guard it and make sure that they are not subject to breach. And 
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so, these two issues are related. The more sensitive data companies 
collect, the more we ought to require them to put protections in 
place to safeguard that data. 

Senator Blunt. I guess I will ask the companies this later. But 
I am wondering how actually individual-specific those are in terms 
of any collection matrix that the company does, or do they just 
have a big universe of people that have contact — that have gone to 
a certain location or something that they then contact that uni- 
verse? 

Mr. Vladeck. Well, I mean, the Wall Street Journal did an arti- 
cle on this precise issue a couple of months ago. And the data is 
so robust that there are now predictive algorithms that you can use 
to sort of guess where you are going to be next. 

So if — and this, of course, is a hypothetical. But suppose you 
played golf every Wednesday afternoon, you know, and called in 
sick. It is not inconceivable that, somehow or another, your em- 
ployer could get that data and decide maybe you shouldn’t be golf- 
ing every Wednesday. 

Senator Blunt. You know, maybe I need that because I have so 
far not been able to guess where the Senate is going to be next. 

[Laughter.] 

Senator Blunt. So maybe I need to figure out that algorithm 
that lets me know what we are doing tomorrow. 

Thank you, Chairman. 

Mr. Vladeck. Thank you so much. 

Senator Pryor. Thank you. 

Senator McCaskill? 

STATEMENT OF HON. CLAIRE McCASKILL, 

U.S. SENATOR FROM MISSOURI 

Senator McCaskill. Yes. One of the things that seems to be 
missing from this discussion is that the value that a lot of this ac- 
tivity provides to the consumer. And let me give you one example. 
The value of being able to locate where this is, is very important 
to my privacy because they now have the technology that if this 
gets stolen from me or if it gets left somewhere, I can remotely go 
and wipe it clean. 

That protects my privacy. That is incredibly important to me be- 
cause, frankly, I don’t want people in here. 

And so, have you all looked at the value that has come to the 
consumer both from the robust technology that has been developed 
and the incredible ability we have to do so many things? The fact 
that it is free or almost free. I mean, you pay for some apps, and 
some of those have geolocations. Most of them don’t. And what it 
provides is an amazing Internet experience primarily funded by be- 
havioral marketing, anonymous behavioral marketing. 

So what studies have been done to show the benefits? Because 
I think most consumers — frankly, asking somebody if they want 
privacy is asking me whether I love my country. Of course, I want 
privacy. 

But we did HIPAA, and I don’t think HIPAA has been anything 
to write home about. I think all of us sign that stupid piece of 
paper at the doctor’s office and don’t get much out of it. 
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So I am trying to make sure that as we go down this road that 
we are informing the consumer of, yes, there are some things we 
need to do on privacy, and I am all for some things. But I am not 
sure the consumer understands now the value they are getting. 
Have you all talked about that? 

Mr. Vladeck. We have. And this was part of the data collection 
effort we did as part of our privacy review. And I think that, you 
know, I think there is no disagreement that consumers value tre- 
mendously the flexibility and the capacity, the almost unimagi- 
nable capacity these phones bring or these tablets bring to our 
lives. Nobody is suggesting that we turn the clock back. 

The question really is, is do we have a system that is more trans- 
parent, that helps consumers understand that there are costs as 
well as benefits? And one of those costs is, you know, you are abso- 
lutely correct. The sort of contextual and behavioral advertising is 
a source of revenue that funds — many apps are free. They are free, 
but they are supported by the advertising revenue. 

Senator McCaskill. It is what has made the whole Internet free 
is behavioral marketing. And that is why I am anxious to know 
what do you think the new business model will be? 

Mr. Vladeck. Well, I think most consumers — and when we talk 
about Do-Not-Track, we are not talking about an all-or-nothing 
choice. One of the reasons why the advertisers are so engaged is 
they have acknowledged for years that they should not be targeting 
consumers who do not want to see targeted ads. So they are com- 
fortable with the business model in which consumers have choice. 

The question is how many consumers are likely to opt out com- 
pletely? And I think if the choice is rightly explained to consumers, 
their choice is to get ads that they may be interested in versus ads 
that are delivered to them at random. I think most consumers 
would opt for targeted ads, provided that they know that the ads — 
that the information collected for those ads will not be used — for 
purposes other than delivering targeted ads. 

The whole secondary use issue is an important one, and they will 
have some control over those ads. So I, for example, don’t have to 
get those pesky Rogaine ads anymore. 

[Laughter.] 

Mr. Vladeck. And I think that is the kind of choice and control 
consumers are really looking for. 

Senator McCaskill. I just want to make sure that we have 
looked carefully at what the costs are and carefully at what impact 
it is going to have on the most successful part of our economy in 
this country. 

And I think for us to go down this road and not really be sure 
that we are going to inform the consumer that some of the benefits 
that they take for granted right now could very easily go away if 
we are not very careful and cautious about what we do here. 

Let me ask this final question because my time is almost out. Let 
us assume, for purposes of this discussion, you get all the authority 
that you may think you need, and you do a lot of rules and regs, 
and we will fast forward 2 or 3 years because that is how long it 
will take. 
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You think that you are going to have the staff to go after the bad 
guys on this? Do you have currently enough staff to go after the 
bad guys? 

Mr. Vladeck. We currently are very short-staffed. But having 
said that, we have a very vigorous enforcement agenda in this 
area. 

In the last couple of months, we have brought enormous cases 
against Playdom, against Google, against Twitter. So, you know, 
our staff works very hard and are very capable. But we believe that 
we have the authority 

Senator McCaskill. You don’t think you need more people 
to 

Mr. Vladeck. Oh, I need more people. 

[Laughter.] 

Senator McCaskill. Thank you, Mr. Chairman. 

Senator Pryor. Thank you. 

Now when I asked my rounds, I still had 2 minutes left on my 
questions. And what I would like to do is go ahead and finish my 
questions and then move to the next panel because we have several 
witnesses who are here and want to speak. 

But let me just ask a couple of follow-ups with you, Mr. Vladeck, 
before I let you go. 

One is more of just an open-ended question that I don’t even 
need an answer to today, but it is something we need to think 
about. And that is when it comes to children, should there be spe- 
cial privacy protections for children? 

And I think that is a hard one to practically put that into effect. 
But it is just something we need to think about, and we would love 
to have your help on that as we think through it. 

Second, this is something I am going to ask the next panel. But 
if a person removes an app, does any of the software stay on their 
phone? 

Mr. Vladeck. I don’t know that answer, and I will have to get 
back to you. 

Senator Pryor. And I will ask the second panel as well. I just 
didn’t know if you were aware. 

And the third thing I had, before I let you go, is I am concerned 
about in-app purchases. And I know that I have written a letter 
to the Commission on that. Do you mind just giving us 1 minute 
on in-app purchases and where you are and where you think the 
industry is on that? 

Mr. Vladeck. Well, we are engaged in a number of nonpublic in- 
vestigations. I think the simplest way to put it is no parent hands 
a child a phone with a game expecting to run up a bill of more than 
a penny or two. And we have, of course, seen parents be presented 
with bills in the hundreds of dollars. We are quite concerned about 
that. 

We have registered our concerns with both the app manufactur- 
ers and everyone else involved in this ecosystem, and that is an 
issue that we are pursuing. 

Senator Pryor. Great. 

I want to thank you for your attendance today and your testi- 
mony, and I am certain that some of my colleagues will have more 
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questions for the record. So we would love for you to work with our 
staff on getting those back to us, when you can. 

Mr. Vladeck. It is our pleasure. Thank you so much. 

Senator Pryor. Thank you. 

And what I would like to do now is go ahead and excuse this 
panel, this witness, and bring up the second panel. And in order 
to save time, I would like to go ahead and do their very brief intro- 
ductions as they are getting situated. We have five witnesses on 
this panel. 

We have Bret Taylor, Chief Technology Officer of Facebook. We 
have Morgan Reed, Executive Director, Association of Competitive 
Technology. We have Catherine Novelli, the Vice President, World- 
wide Government Affairs of Apple Inc. And we also have Alan Da- 
vidson — yes, come on up and grab a seat — Alan Davidson, Director 
of Public Policy for the Americas, Google Inc. And we have Amy 
Shenkan, President and Chief Operating Officer of Common Sense 
Media. 

So, as the staff is getting them set up, we appreciate you all 
being here, and we appreciate your testimony. And as I said with 
the previous panel, your written statements will be made part of 
the record. So if you want to sort of streamline that and do it in 
under 5 minutes, I think the Committee would appreciate that. 

But why don’t we go ahead and start with you, Mr. Taylor? And 
if you could give us your statement — again, if everyone can keep 
it to 5 minutes or less, that would be great. 

Mr. Taylor? 

STATEMENT OF BRET TAYLOR, 

CHIEF TECHNOLOGY OFFICER, FACEBOOK 

Mr. Taylor. Thank you, Chairman. 

Chairman Rockefeller, Chairman Pryor, Ranking Member 
Toomey, and members of the Committee, thank you for inviting me 
to testify today. 

Mobile phones and the Internet bring tremendous social and eco- 
nomic benefits. Just a decade ago, most online content was static 
and accessed through desktops. Today, the Internet is an inter- 
active social experience, defined by a person’s connections, inter- 
ests, and communities. 

And thanks to the explosive growth of smartphones and mobile 
applications, people can access a personalized social Web wherever 
and whenever they want. With that growth of innovations comes 
legitimate questions about protecting personal privacy on the web, 
and we are grateful to have the opportunity to discuss those issues 
with other stakeholders today. 

Everyone has a key role to play in keeping people safe and se- 
cure online. Facebook works hard to protect individuals’ privacy by 
giving them control over the information they share and the con- 
nections they make. 

As Facebook’s chief technology officer, these issues are of par- 
ticular concern to me. We understand that trust is the foundation 
of the social web. People will stop using Facebook if they lose trust 
in our services. At the same time, overly restrictive policies can 
interfere with the public’s demand for new and innovative ways to 
interact. 
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For Facebook, getting this balance right is a matter of survival. 
This is why we work to develop privacy safeguards without inter- 
fering in people’s freedom to share and connect. 

I want to address five main points, which are covered in more 
detail in my written testimony. First, the openness of the Internet 
is a catalyst for innovation. This openness is what enabled Mark 
Zuckerberg to launch Facebook from his college dorm room in 2004, 
and it now allows more than a million third-party developers to 
offer a nearly infinite variety of services through the Facebook plat- 
form. 

In addition, the social Web is an engine for jobs, innovation, in- 
vestment, and economic growth. Big companies and small busi- 
nesses are hiring individuals to manage their social media outreach 
strategies. Entrepreneurs are building new business models based 
on the social web. 

But the Internet’s open architecture also creates technical chal- 
lenges for the transfer of data. Facebook is leading the way in de- 
veloping new technologies to make the social experience more se- 
cure. 

Second, mobile technology plays an increasingly important role 
in how people use Facebook and the social web. Facebook has 
worked to ensure a seamless experience across our Web and mobile 
services, and over 250 million people access Facebook on their mo- 
bile devices every month. 

We are one of the few Internet companies to extend our privacy 
controls to our mobile interfaces, providing the same privacy con- 
trols on our mobile applications as we have on our website. If an 
individual changes his or her privacy settings on their phone, those 
changes will change their settings on facebook.com and every other 
device that the user may use to access Facebook. 

Third, we have built robust privacy protections into facebook.com 
and our mobile offerings. Because each individual’s privacy pref- 
erences are different, we cannot satisfy people’s expectations by 
adopting a one-size-fits-all approach. 

Instead, we strive to create tools and controls that enable indi- 
viduals to understand how sharing works on Facebook and to 
choose how broadly or how narrowly they wish to share informa- 
tion at the time they are sharing it. In particular, we use privacy 
by design practices to ensure that privacy is considered throughout 
our company and our products. 

We are currently testing a new, more transparent privacy policy 
that communicates privacy in a simple, interactive way. Our con- 
textual controls allow people to easily decide how broadly they 
want to share a particular piece of information. 

Our sophisticated security protections — including one-time pass- 
words, remote logout, and login notifications — are state-of-the-art. 
And we continually engage with the Facebook community in order 
to evaluate and improve our services and the privacy safeguards 
we offer. 

Fourth, we work to build trust on the Facebook platform, which 
enables independent developers to build social experiences on 
Facebook, as well as other locations around the Internet. We be- 
lieve that individuals should be empowered to decide whether they 
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want to engage with some, many, or none of these third-party serv- 
ices. 

For this reason, we have created industry-leading tools for trans- 
parency and control so that people can understand what data they 
are sharing and make informed decisions about the applications 
and websites they decide to use. We also encourage community po- 
licing so that individuals, employees, and developers can help us 
identify possible issues. These features are available across the en- 
tire Facebook experience and our mobile applications and on 
facebook.com. 

For the independent developers who use the Facebook platform, 
we expect and we require them to be responsible stewards of the 
information they obtain. We have robust policies and technology 
tools to help them embrace this responsibility, and we are always 
doing more. 

Last year, we worked with other industry leaders to build an 
open standard for authentication that improves security on the 
Internet. Now that this standard is mature and has broad partici- 
pation around the industry, we are requiring developers on the 
Facebook platform to migrate to it. This transition will result in 
better and more secure relationships between developers and the 
individuals who use the applications and the websites they build. 

Finally, we use our position in the industry to encourage others 
to play their part in safeguarding the public’s trust, whether it is 
developers, users, browsers, or operating system designers. We also 
support government efforts to take action against bad actors and 
highlight important issues like today’s hearing. 

Everyone has a role to play in building and securing the mobile 
and online environments that are enriching people’s lives each day. 

Thank you for the opportunity to testify, and I look forward to 
answering your questions. 

[The prepared statement of Mr. Taylor follows:] 

Prepared Statement of Bret Taylor, Chief Technology Officer, Facebook 

Chairman Rockefeller, Chairman Pryor, Ranking Member Toomey, and members 
of the Committee, my name is Bret Taylor, and I am the Chief Technology Officer 
at Facebook. Thank you for inviting me to testify today on privacy issues in the mo- 
bile environment. Facebook is committed to providing innovative privacy tools that 
enable people to control the information they share and the connections they make 
through our mobile applications, as well as on facebook.com. We appreciate the 
Committee’s initiative in holding this hearing today and providing us the oppor- 
tunity to discuss our efforts to enable people to connect and share in a safe and se- 
cure environment. 

The explosive growth of smartphones and mobile applications, along with innova- 
tions in the way individuals interact and share information, has brought tremen- 
dous social and economic benefits. Just a decade ago, few individuals had Internet- 
enabled mobile phones. Online content was largely static and consumed through 
desktops. When people interacted, they did so using very limited forms of commu- 
nication like e-mail and instant messaging. Today, smartphones have become indis- 
pensable devices for many people, and the technology that many of us carry in our 
pockets enables access to a far more personalized and interactive “social web” 
through which people can choose to share their experiences with friends and receive 
content that is tailored to them individually. 

Facebook develops innovative products and services that facilitate sharing, self- 
expression, and connectivity. We work hard to protect individuals’ privacy by giving 
them control over the information they share and the connections they make. For 
Facebook — like other providers of social technologies — getting this balance right is 
not only the right thing to do, but a matter of survival. Trust is the foundation of 
the social web, and people will go elsewhere if they lose confidence in our services. 
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At the same time, Facebook is fundamentally about sharing, and adopting overly 
restrictive policies will prevent our social features from functioning in the way that 
individuals expect and demand. Thus, to satisfy people’s expectations, we not only 
need to innovate to create new protections for individuals’ information; we also need 
to innovate to ensure that new protections do not interfere with people’s freedom 
to share and connect. We need to continually evolve our services and the privacy 
safeguards included in them to respond to the feedback that we receive from the 
community and as required by law. 

In my testimony today, I will address five topics. First, I will describe how the 
open architecture of the Internet has empowered the innovations of the social Web 
and is fueling the growth of the economy. I will also explain how this open architec- 
ture presents security and privacy challenges to Internet users and the steps we and 
other companies have taken to address these challenges. Second, I will discuss the 
growing importance of mobile services at Facebook and how these innovations are 
driving the social web. Third, I will address the robust privacy protections that we 
build into facebook.com and our mobile offerings. Fourth, I will discuss the infra- 
structure tools that we provide in order to encourage responsible privacy practices 
among the independent developers who use our platform. Finally, I will explain how 
our efforts in advancing security and privacy online must be matched by those of 
other actors who likewise have an important role in safeguarding the public. 

I. The Importance of the Internet’s Open Architecture in Fostering 
Innovation 

Facebook provides people with exciting, innovative and free tools for communica- 
tion and sharing. In addition, through Facebook Platform, Facebook provides a set 
of tools that enable independent third-party developers to build applications and 
websites that are more social and people-centered than traditional Web experiences. 
In both respects, Facebook seeks to build upon the openness of the Internet. The 
Internet has flourished as a robust zone for innovation and expression because it 
is an open marketplace in which ideas succeed or fail based on merit. The Depart- 
ment of Commerce recently noted that, “in contrast to the relatively high barriers 
to entry in traditional media marketplaces, the Internet offers commercial opportu- 
nities to an unusually large number of innovators, and the rate of new service offer- 
ings and novel business models is quite high.” 1 This environment is what enabled 
Mark Zuckerberg to launch Facebook from his college dorm room in 2004. That 
same innovative spirit is flourishing on Facebook Platform, which is now used by 
more than a million third-party developers to offer a nearly infinite variety of tools 
that enhance individuals’ experience both on and off Facebook. 

The Internet as it existed at the turn of the millennium was a relatively isolated, 
passive, and anonymous experience, and few individuals had the ability to access 
online services through their mobile phones. All visitors to a news site, for example, 
had the same, one-size-fits-all experience — as if each of them had purchased the 
same edition of the same newspaper. Thanks to the transformative effects of social 
technology, people today can enjoy constant connectivity, personalized content, and 
interactive social experiences across a range of devices. On Facebook, for example, 
each of the more than 500 million people who visit the site each month has a highly 
personalized, unique experience — one that provides updates and other content based 
on the information and activities that the user’s own unique circle of friends have 
shared. The social Web also creates enormous opportunities for anyone with an 
Internet connection to connect and share with their family, friends, and the world 
around them. I am proud to say that almost every United States Senator and more 
than 400 members of the House of Representatives, have Facebook pages that they 
use to reach their constituents and engage with them on matters of policy and pub- 
lic concern. I am equally proud to highlight that, after the recent tornadoes in the 
Southeast scattered irreplaceable photographs and other documents far from their 
owners’ homes, one individual created a Facebook page that more than 100,000 peo- 
ple eventually connected with in order to identify and return thousands of items 
that might otherwise never have been recovered. Further from home, Facebook’s 
photo and video-sharing features enable members of the military to stay connected 
with their friends and families — to watch their children grow — despite serving thou- 
sands of miles away. And, as recent news reports reveal, people around the world 
have embraced Facebook and other social media as key tools for social engagement. 


1 Dep’t of Commerce, Commercial Data Privacy and Innovation in the Internet Econ- 
omy: A Dynamic Policy Framework 19 (Dec. 16, 2010). 
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The social Web is also an engine for jobs, innovation, investment, and economic 
growth. One job-listing site alone includes 31,000 Facebook-related jobs. 2 Small 
businesses are increasingly relying on social media to generate exposure for their 
companies, increase sales, and obtain new business partnerships — in a recent sur- 
vey, two-thirds of small business owners “strongly agreed” that social media was im- 
portant for their company. 3 The social Web also creates new opportunities for busi- 
nesses to inform people about their products and services, which is why many com- 
panies are now hiring individuals to strategize around social media outreach. 4 At 
least as important, hundreds of thousands of developers have built businesses by 
creating applications for the social web. To take just one example, game developer 
Zynga, creator of the popular Farmville game, plans to hire an additional 700 em- 
ployees this year and has been valued at $7 billion. 5 And entrepreneurs have only 
begun to tap into the advancements in productivity and collaboration that social 
media makes possible, which means that the social Web will continue to transform 
the economy for years to come. 

The open architecture of the Internet makes it a phenomenal catalyst for 
connectivity, sharing, and economic growth. But that same openness creates tech- 
nical challenges: what was secure enough for the anonymous Web is not secure 
enough for the social web. Facebook will continue to develop new technologies that 
protect individuals’ security and privacy on the social web, and time and again we 
have demonstrated our ability to move quickly to address the challenges associated 
with harnessing the innovation of the Internet while advancing technology in a way 
that makes the social experience more secure. I discuss these efforts in more detail 
below in Sections III and IV. 

II. The Role of Mobile Services at Facebook 

Over 500 million people now use Facebook’s free services to connect and share 
their information, and more than 250 million of them do so through mobile devices. 
The proliferation of technology platforms means that individuals are accessing 
Facebook on multiple devices and in a variety of circumstances — at work, at home, 
at school, and on the go. Ensuring a seamless experience across all of our web and 
mobile presences is a tremendous engineering challenge. Whenever we roll out new 
features, we must consider how they will be implemented on multiple versions of 
our product: facebook.com, our various mobile sites, the iPhone application, the An- 
droid application, Facebook for Blackberry, and custom integrations of Facebook on 
other mobile devices. 

Facebook has taken the lead in developing innovative privacy tools to enable indi- 
viduals using Facebook through mobile devices to share and connect with the people 
they care about, whenever and wherever best suits them. For example, we recently 
launched a new version of our mobile website, rn.facebook.com, that is simpler and 
works with the capabilities of thousands of different phones. We also introduced 
0. facebook.com as a faster and free way for people to access Facebook around the 
world, including in locations where connectivity is especially costly and slow. Indi- 
viduals who access 0. facebook.com on the networks of our partner mobile service op- 
erators can update their status, view their News Feed, comment on posts, send and 
reply to messages, or write on their friends’ Wall — without any data charges. Indi- 
viduals only pay for data charges when they view photos or when they leave to 
browse other mobile sites. 

Another innovation we rolled out last year was Facebook Places, a feature that 
allows people to share where they are and the friends they are with in real time 
from their mobile devices. For example, individuals attending a concert have the op- 
tion of sharing their location by “checking in” to that place, which lets their friends 
know where they are. Individuals can also easily see if any of their friends have 
chosen to check in nearby. Facebook Places supplements existing sharing tools by 
enabling individuals to connect with each other in real time and in the real world. 

A recent report by the Pew Internet & American Life Project found that two- 
thirds of American mobile phone users take advantage of advanced data features, 


2 Shareen Pathak, The Facebook Job Engine, FINS (May 16, 2011), http: I / it-jobs.fins. com / Ar- 
ticles / 'SB 1305 14803310615197 / The-Facebook-Job-Engine?link=FINS_hp. 

3 Michael A. Stelzner, 2011 Social Media Marketing Industry Report 11, 17-18 (Apr. 
2011), http :/ / www.socialmediaexamijier.com / SocialMediaMarketingReport2011.pdf 

4 See, e.g., Social Media Growth Creates New Job Opportunities, Herald & Review, Jan. 4, 

2011, http .7 / www.herald-review.com / news / national / article 5alffb20-1811-lle0-95b5-001cc4c0 

02e0.html. 

5 Pathak, supra note 3. 
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such as mobile applications, e-mail and Web access, and text messages. 6 The ubiq- 
uity of mobile technology makes it easier than ever for people to tap into the social 
web, especially for people who may not have access to broadband but do have a mo- 
bile phone. Our own internal research shows that people who access Facebook 
through mobile devices are typically twice as active as other individuals. This in- 
creased attention, together with the technological ability to introduce innovative fea- 
tures that utilize mobile capabilities, means that mobile will play an increasingly 
important role in how people use Facebook and the social Web more generally. 

III. Facebook’s Commitment to Privacy in Our Product Offerings 

As we continue to develop rich services on Facebook, we are guided by our rec- 
ognition that trust is the foundation of the social web. As the Commerce Depart- 
ment has noted, “[Clonsumer trust — the expectation that personal information that 
is collected will be used consistently with clearly stated purposes and protected from 
misuse is fundamental to commercial activities on the Internet.” 7 

Facebook builds trust, first and foremost, through the products and services we 
make available on facebook.com. We understand that individuals have widely vary- 
ing attitudes regarding the sharing of information on Facebook: some people want 
to share everything with everyone, some want to share far less and with a small 
audience, and most fall somewhere in between. Because each individual’s privacy 
preferences are different, we cannot satisfy people’s expectations by adopting a one- 
size-fits-all approach. 8 Instead, we strive to create tools and controls that enable in- 
dividuals to understand how sharing works on Facebook, and to choose how broadly 
or narrowly they wish to share information. Our commitment to these basic con- 
cepts — understanding and control — is evidenced in five specific areas, each of which 
is a key focus of our business. 

Privacy by Design. We have taken several steps to ensure that privacy is being 
considered throughout our company and products. For example, we have a Chief 
Privacy Counsel and other dedicated privacy professionals who are involved in and 
review new services and features from design through launch to ensure that privacy 
by design practices are incorporated into our product offerings. We also provide pri- 
vacy and security training to our employees, engage in ongoing review and moni- 
toring of the way data is handled by existing features and applications, and imple- 
ment rigorous data security practices. Of course, “privacy by design” does not mean 
“privacy by default”; as services evolve, so do people’s expectations of privacy. At 
Facebook, we believe that providing substantive privacy protections means building 
a service that allows individuals to control their own social experiences and to de- 
cide whether and how they want to share information. 

Transparent Policies. Many websites’ privacy policies are challenging for people to 
understand because they are often written for regulators and privacy advocates, not 
the majority of people who actually use those websites. We believe that privacy poli- 
cies can and should be more easily understood, which is why we are currently test- 
ing a new policy that communicates about privacy in a simpler, more interactive 
way. We call this “Privacy Policy 2.0.” It uses easy-to-understand language, presents 
information in a layered format so that individuals can quickly zero in on what they 
want, and incorporates explanatory screenshots, examples, interactive graphics, and 
videos throughout. 

Contextual Control. In its December 2010 Preliminary FTC Staff Report on Pro- 
tecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for 
Businesses and Policymakers , the FTC emphasized that consumers should be “pre- 
sented with choice about collection and sharing of their data at the time and in the 
context in which they are making decisions.” Facebook agrees. We introduced inno- 
vative per-object sharing controls in July 2009 to give people an easy way to indi- 
cate how broadly they want to share particular pieces of information. Using the per- 
object sharing controls, people can designate a unique set of sharing preferences for 
a particular type of content (such as photos and videos posted by that individual). 
They can also click on a simple lock icon that appears at the time of publication 
if they want to customize the audience for a particular photo or video that the indi- 
vidual wishes to share more or less broadly. 


6 Kristin Purcell et at., How Mobile Devices Are Changing Community Information Environ- 
ments, Pew Internet & Am. Life Project, 2 (Mar. 14, 2011), http:/ 1 www.pewinternet.org l~l 
media / Files / Reports / 2011 / PIP-Local mobile survey.pdf. 

7 Commerce Report 15. 

8 See, e.g., Mary Madden & Aaron Smith, Reputation Management and Social Media, Pew 
Internet & Am. Life Project, 29 (May 26, 2010), http: // www.pewinternet.org / Reports / 2010 / 
Reputation-Management.aspx (noting that 65 percent of adult individuals of social networking 
services have customized the privacy settings on their profile to restrict what they share). 
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Sophisticated. Security Protections. We recently launched a variety of features that 
enhance people’s ability to make decisions about the security of the information they 
provide. We are the first major site to offer individuals one-time passwords to make 
it safer to use public computers in places such as hotels, cafes, or airports. If people 
have concerns about the security of the computer they are using to access Facebook, 
they can request that a one-time password be texted to their mobile phones. We also 
enable individuals to see all of their active sessions on the site and to log out of 
Facebook remotely, which they may want to do if, for example, they access Facebook 
from a friend’s computer and forget to log out. In addition, we encourage people to 
provide information about the devices that they commonly use to log in to Facebook, 
which allows them to be notified by e-mail or text message if their account is 
accessed from an unapproved device so that they can quickly secure their account. 
Finally, we have long used the secure HTTPS protocol whenever an individual’s 
password or credit card information is being sent to us, and earlier this year we 
offered individuals the ability to experience Facebook entirely over HTTPS. 

Community Engagement. We work hard to obtain feedback from the people who 
use Facebook, and we consider this input seriously in evaluating and improving our 
products and services. Indeed, Facebook’s efforts to publicly engage on changes to 
its privacy policy or information sharing practices are virtually unparalleled in the 
industry. For example, when we propose changes to our privacy policy, we announce 
them broadly and give individuals the ability to comment on the proposed changes 
(unless the changes are administrative or required by law). We are the only major 
online service provider that allows for a vote on the changes if comments reach a 
pre-set threshold. Time and again, Facebook has shown itself capable of correcting 
course in response to individual suggestions and we will continue to be responsive 
to that feedback. 

Taken together, these privacy practices help us build and maintain people’s trust 
as we continue to pioneer the new social and connectivity features that people who 
use Facebook expect and demand. And, because mobile features are increasingly im- 
portant to the Facebook community, we are leading the industry in innovating 
around privacy tools available through mobile devices. For example, most of the pri- 
vacy settings available on the facebook.com site are also available to individuals who 
connect to Facebook through mobile devices. Moreover, these privacy settings are 
persistent regardless of how the individual chooses to share information. Changes 
to privacy settings made on our mobile site will remain effective when that indi- 
vidual accesses Facebook through the facebook.com website. This enables people to 
make consistent, real-time decisions about the data they share — no matter where 
they are or what devices they prefer to use when connecting with their friends and 
communities. 

IV. Promoting Privacy on Facebook Platform 

At Facebook, we recognize that we have a responsibility to promote people’s pri- 
vacy interests whenever and however they are accessing Facebook’s services. We 
also understand that Facebook has an important role to play when independent de- 
velopers build applications and websites that rely on Facebook Platform to create 
social, personalized experiences. We believe that the best way to build trust while 
enhancing the openness and connectivity of the social Web is for all members of the 
Platform ecosystem to embrace their responsibility to be accountable to individuals 
for protecting privacy. 

A. Overview of Facebook Platform 

Although we are proud of the pathbreaking features being developed every day 
at Facebook, we understand that Internet innovation depends on an open architec- 
ture in which a multitude of independent developers can develop new services and 
expand upon existing ones. That understanding is what motivated our decision to 
launch Facebook Platform in 2007. The Platform functionality allows third-party de- 
velopers of applications and websites to offer innovative social experiences to indi- 
viduals on Facebook as well as on other locations around the Internet. 

To date, developers have built more than 800,000 games, mobile applications, util- 
ities, and other applications that integrate with the Facebook Platform. To pick just 
a couple of examples, the Birthday Calendar application allows individuals to track 
birthdays, anniversaries, and other important dates. The We Read application en- 
ables people to share book titles and book reviews with their friends. And on the 
charitable front, the Causes application provides an online platform for individuals 
and organizations to raise funds for charitable causes. 

The innovation enabled by the Facebook Platform extends to the mobile web. As 
discussed above, people who use Facebook have the option of sharing location data 
so that they can tell their friends where they are, see where their friends have 
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checked in, and discover interesting places nearby. With an individual’s express per- 
mission, third-party developers can access location data to create a variety of addi- 
tional social experiences, such as a travel application that gives people the ability 
to see which of their friends have already been to the place they are visiting, or a 
conference application that makes it easy for attendees to find colleagues and con- 
nect with them. 

We are proud of the fact that, in just four short years, Facebook Platform has 
evolved into a flourishing, open ecosystem where everybody has the opportunity to 
innovate in a social way. The multitude of applications and websites enabled by 
Facebook and available through mobile devices is a good example of our commit- 
ment to an open architecture for Facebook Platform and the benefits this brings to 
individuals. The features that we offer on facebook.com compete directly with third- 
party applications and websites that integrate with the Facebook Platform. To pick 
just one example, Foursquare and Gowalla are popular mobile check-in services that 
are similar in many respects to Facebook’s own Places offering. Subjecting our prod- 
ucts to the competitive pressures of the open marketplace helps ensure that we have 
strong incentives to remain on the cutting edge of innovation, which ultimately ben- 
efits the public and the economy as a whole. 

B. Tools to Help People Manage Their Relationships with Developers of Applications 
and Websites 

We recognize that the vibrant nature of Facebook Platform creates significant 
benefits for the public, and we also know that Facebook Platform will only continue 
to thrive if individuals can build safe and trusted relationships with the applications 
and websites that they use. Because individuals should be empowered to decide 
whether they want to engage with some, many, or none of these third-party devel- 
opers, we have created industry-leading tools for transparency and control so that 
people can understand what data they are sharing and make informed decisions 
about the third-party applications and websites that they decide to use. We also 
make it easy for the Facebook community to identify and report potential areas of 
concern. 

Control. From the time of Facebook Platform’s initial launch in 2007, we have 
made clear to individuals that if they choose to authorize a third-party application 
or website, the developer will receive information about them, and we have long re- 
quired developers to obtain only the data they need to operate their application or 
website. In June 2010, technological innovations allowed us to offer people even 
more insight into and control over the actions of developers on Facebook Platform: 
we became the first provider to require developers to obtain “granular data permis- 
sions” before accessing individuals’ information. Developers using Platform must 
specifically identify the information they wish to use and request permission from 
the individual — who retains the ultimate simple choice of whether to share his or 
her information with that outside developer — and Facebook has deployed technical 
means to ensure that developers obtain only the information the user has agreed 
to share. In addition, we make it easy for individuals to revisit their decisions about 
the applications and websites they have authorized in the past. Users can block ap- 
plications and websites they no longer want to access their information, and they 
can also remove certain permissions they have previously granted. Finally, we offer 
a simple, global opt-out tool. With just one click in the Facebook privacy settings, 
individuals can opt out of Platform entirely and thereby prevent their information 
from being shared with any applications or websites. 

Transparency. We encourage people to examine the privacy practices of the appli- 
cations and websites that they use, and we offer tools so that they can easily do 
so. For example, developers using Platform are required to provide a link to their 
privacy policy when seeking individuals’ permission to access information. In addi- 
tion, last October, we rolled out an application dashboard to increase visibility into 
applications’ and websites’ data handling practices. This audit tool allows individ- 
uals to quickly see which applications and websites they have authorized, the per- 
missions they have given to each application or website, and the last time that each 
application or website accessed their information. 

Community Policing. We make it easy for individuals, employees, and developers 
to communicate with us if they identify a problem with a developer’s privacy prac- 
tices. There is a “Report Application” link on the bottom of each application page 
so that people can easily convey their concerns about that particular application. 
Developers, who are often keenly aware of other developers’ data handling practices, 
can and do flag potential issues as well. Our dedicated Platform Operations team, 
which monitors and enforces Facebook’s policies with third-party developers, then 
follows up on the leads we receive by employing a variety of monitoring, testing, 
and auditing processes. 
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Consistent with our commitment to providing a seamless experience across all de- 
vices, we have applied these transparency and control principles to the mobile space, 
despite the engineering challenges associated with communicating on a smaller mo- 
bile screen. Individuals who access third-party applications through our mobile of- 
ferings are also provided with granular information about what information the ap- 
plication or website seeks to access and asked to specifically authorize the devel- 
oper’s use of that data. In addition, just 2 months after introducing the application 
dashboard on the facebook.com site, we launched a similar mobile application dash- 
board that allows people to see a detailed view of the information they are sharing 
with various applications and websites and adjust their settings while on the go. 

C. Promoting Best Privacy Practices Among Independent Developers of Applications 
and Websites 

The goal of Facebook Platform is not only to enable developers to build social ap- 
plications and websites, but also to facilitate direct relationships between people and 
the social applications and websites they use. At the same time, we expect and re- 
quire application developers who use Facebook Platform to be responsible stewards 
of the information they obtain. To this end, we provide clear guidance to developers 
about how they should protect and secure information obtained from people who use 
Facebook, and we also build tools to help them fulfill this responsibility. 

Policies and Practices. Developers are required to abide by our Statement of 
Rights and Responsibilities and Platform Policies, which detail developers’ respon- 
sibilities with respect to the data they obtain. For example, developers may only re- 
quest the data they need to operate, must honor individuals’ requests to delete in- 
formation, must provide and adhere to a privacy policy that informs individuals 
about how the application or website handles individual data, and must refrain from 
selling individuals’ data or transferring it to ad networks, data brokers, and other 
specified entities. In addition, ad networks that developers use to serve ads on appli- 
cations that run on the Facebook Platform are required to agree to our Platform 
Terms for Advertising Providers. Among other things, these terms require the ad 
networks to certify that they do not possess (and will not obtain) any user data re- 
ceived directly or indirectly from Facebook. 

Technology Tools for Monitoring and Review. In addition to manual review of spe- 
cific applications or websites, we also have a series of automated reporting and en- 
forcement tools to quickly identify and respond to potential violations of our policies. 
Our platform enforcement tool aggregates and displays several metrics concerning 
the activities of applications and websites on Platform, including how many data re- 
quests they are sending, what types of data they are requesting, and whether there 
have been any complaints or spam reports. We have a separate data access tool that 
tracks real-time data pulls and rates and provides historical and trend information, 
giving us insight into applications’ or websites’ patterns of data access. We also 
monitor enforcement activity through a dashboard system, which provides a real- 
time view of identified issues, outstanding enforcement actions, and activity by ap- 
plications and websites that are under review. These tools enable us to zero in on 
particular applications and websites that may not be fulfilling their responsibilities, 
and to work with their developers to ensure that they are taking appropriate meas- 
ures to protect the information that they obtain. 

Continuous Improvement. As innovation fuels further advancements in technology, 
we implement new tools to help make Facebook Platform a more secure and trusted 
environment. For example, last year we worked with Yahoo!, Twitter, Google, and 
others to build OAuth 2.0, an open standard for authentication that improves secu- 
rity on the Internet. Now that OAuth 2.0 is a mature standard with broad participa- 
tion across the industry, we are requiring developers on Facebook Platform to mi- 
grate to the more secure authentication standard. Although the transition presents 
significant engineering challenges, we believe that this migration is important be- 
cause it will ultimately result in better and more secure relationships between de- 
velopers and the individuals who use the applications or websites that they build. 

We provide the infrastructure tools described above in order to empower devel- 
opers to act responsibly when handling individual information, and the vast major- 
ity of the applications and websites available on Facebook Platform do so. When we 
become aware of applications or websites that knowingly break the rules, we take 
aggressive action to address the policy violation. In appropriate cases, Facebook has 
required companies to delete data acquired via Platform or banned developers from 
participating on Platform altogether. 

We also have procedures in place to address the possibility of inadvertent data 
transfers. As I noted above, the open architecture of the Internet is intended to fa- 
cilitate connectivity and sharing, but that same openness makes it impossible to 
guarantee the security of every data transfer. We interact regularly with service 
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providers, security experts, application developers, and other participants in the 
Internet ecosystem, and when we are alerted to the possibility of a security issue, 
we act promptly to resolve the problem. For instance, we recently responded quickly 
after receiving a report from Symantec that so-called “access tokens,” which are pro- 
vided to developers to enable them to obtain the information users have authorized 
them to obtain, could be inadvertently passed to third parties when developers using 
a legacy authentication system did not take the necessary technical step to prevent 
this from occurring. We immediately investigated and, although our investigation 
found no evidence that this issue resulted in any individual’s private information 
being shared, we took steps — including accelerating the transition to a more secure 
authentication system — to address the vulnerability Symantec identified before the 
news became public. As this example highlights, forward-thinking solutions can be 
achieved when all participants in the digital ecosystem embrace their responsibility 
to protect individual privacy. 

Like all developers who use Facebook Platform, independent developers who work 
to make the mobile experience more social through integration with the Facebook 
Platform are required to adhere to our Statement of Rights and Responsibilities and 
Platform Policies. In addition, we make available software development kits to de- 
velopers who want to build mobile applications and websites that integrate with the 
Facebook Platform. Those kits provide tools that help developers build more secure 
experiences, by incorporating the most advanced and secure technologies available. 

V. Numerous Stakeholders Have a Role to Play in Advancing Online 
Privacy, Safety, and Security 

We recognize that Facebook has important responsibilities in advancing people’s 
privacy, safety, and security across the site, our Platform, and the social web. At 
the same time, others in the ecosystem likewise play an important role in protecting 
individuals online and in the mobile environment. These include developers, who 
must establish their own relationships with individuals and live up to the expecta- 
tions and trust users place in them; browser and operating systems providers, who 
develop the tools that people use to access the Web and run software and who are 
perhaps best situated to combat many of the technical challenges associated with 
the transition from the anonymous Web to the social web; and individuals, who can 
take security into their own hands through steps such as strong passwords and edu- 
cating themselves about the practices of the developers with whom they interact. 

In fact, the history of advancements in the security of the Internet itself is filled 
with successes achieved through all affected parties working on tough problems. 
One example is the development and use of secure socket layers (“SSL”) to allow 
for secure, encrypted Internet communications and data exchanges. SSL was devel- 
oped by browser vendors largely in response to public demand for a more trust- 
worthy online experience. To realize the full potential of the Internet as a medium 
for sharing information, developers needed to assure people that their online com- 
munications would be secure. The development of secure technologies has led not 
only to the greater connectivity that characterizes the social Web but also to the ex- 
plosion of e-commerce and online banking, both of which are crucial drivers of eco- 
nomic growth. 

Another advancement that was achieved through the collective efforts of inter- 
ested parties is the taming of spam e-mail. The late 1990s and early 2000s saw e- 
mail inboxes and ISP servers overrun by spam, a phenomenon that was not only 
annoying but also costly to service providers and the public. Although spam remains 
a serious problem, its worst effects largely have been mitigated through the com- 
bined efforts of technology companies’ development of sophisticated filtering mecha- 
nisms; legislative and regulatory measures such as the Federal CAN-SPAM Act; 
and the public’s continuing demands for action against bad actors. Both of these ex- 
amples demonstrate how concerted action by various stakeholders in the Internet 
ecosystem — from site designers and browser vendors to government actors and the 
public — can contribute to an increasingly secure online environment. 

As I explained above, we at Facebook work very hard to build user trust by ensur- 
ing transparency and enhancing user control, and by creating a platform that devel- 
opers can use to build social applications in a safe and secure manner. We also use 
our position in the industry to encourage others to play their part in building and 
securing the digital ecosystem. Operating systems and browsers should remain vigi- 
lant in identifying and fixing vulnerabilities that could expose data and resolve long- 
standing design problems inherent in the architecture of the Internet itself. Social 
sharing networks, including Facebook, should continuously innovate on privacy, 
educate their users about new privacy features, and enforce their privacy policies 
with respect to developers who build on social networks’ platforms. Developers, in 
turn, should adhere to our privacy guidelines, publish information about their own 
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data handling practices, and control third-party access to individual information on 
their own sites or applications. People who use social sharing services like Facebook 
should update their passwords, take advantage of safety and security tools and re- 
sources, and educate themselves about the policies of websites and social networks 
they use. And government, too, should play a role, by taking action against bad ac- 
tors who threaten the trust on which the social Web relies, and, through pro- 
ceedings such as this hearing, by highlighting the importance of online safety, secu- 
rity, and privacy. 

VI. Conclusion 

As a facilitator of the social web, we constantly strive to develop better tools that 
will build trust when individuals access our services through any device. We believe 
that it is important to enable individuals to make the privacy decisions that are 
right for them, and to provide infrastructure tools that facilitate trusted relation- 
ships between individuals and third-party application developers. By doing so, we 
are helping to promote the trust that powers the social Web while offering individ- 
uals a robust forum to communicate and share information in new and dynamic 
ways. And we also encourage and support the efforts of other stakeholders in build- 
ing and securing the mobile and online environments that are enriching people’s 
lives every day. 

Thank you for the opportunity to testify today. I look forward to answering any 
questions you may have. 

Senator Pryor. Thank you. 

Mr. Reed? 

STATEMENT OF MORGAN REED, EXECUTIVE DIRECTOR, 
ASSOCIATION FOR COMPETITIVE TECHNOLOGY 

Mr. Reed. Thank you, Chairman Pryor, Ranking Member 
Toomey, and distinguished members of the Committee for the op- 
portunity to speak with you today. 

As ACT’s Executive Director, I represent over 3,000 developers 
and small business entrepreneurs, many of whom write apps for 
smartphones and tablets. 

Often when we consider the issues in this grand setting, we do 
it to look at the impact that it will have on the country at large, 
and we talk in broad themes and big ideas. But today, I would like 
to start off a little differently, breaking it down to the smallest of 
the small, specifically, my pint-sized 5-year-old. 

My daughter is learning to speak Chinese. Granted, she is doing 
it because Dad wants her to. But I let her use an old smartphone. 
I have loaded on Chinese language learning apps, and she now has 
games that test her ear, games that help her recognition, and even 
one that lets her take pictures of a character and gives her a trans- 
lation. 

I have recently seen a demo of an application that will allow her 
to take a picture of an object and also give her a translation audi- 
bly. These are apps that won’t make the cut on the desktop com- 
puter, if, for no other reason, at least for my 5-year-old will never 
sit still. Many of the apps were 99 cents. None of them were more 
than $5. 

When she gets a little older, she and I will use Star Walk app, 
which uses location information to show a real-time movable map 
of the night sky. Mobile apps like these open up worlds of learning 
for kids and adults in ways that were unimaginable 5 years ago. 
And there are thousands of similar stories to mine. 

Over 500,000 apps are available on mobile platforms today. Orig- 
inating less than 4 years ago, the apps economy will grow to $5.8 
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billion this year. In the next 4 years, that total is expected to reach 
$37 billion. And if you include services, we expect to hit $50 billion. 

This is a remarkable American success story in a time of eco- 
nomic uncertainty. U.S. developers account for the vast majority of 
apps available in the market today, creating opportunity through- 
out the country, while also exporting popular programs abroad. 
Eighty-eight percent of the top 500 apps were written by small 
businesses, and the vast majority of these, micro-businesses with 
less than 10 employees. 

More importantly, this is not a Silicon Valley phenomenon. In 
fact, Scott Bedwell developed his series of DJ apps in Bentonville, 
Arkansas. We have got Marble Burst from ZTak from Thomas, 
West Virginia. We have got Quick Bins from Moorhead, Minnesota, 
and we have got Critical Thought from St. Louis, Missouri. 

This is the true geographically diverse nature of this new apps 
economy. And while Apple stores and app stores are helping small 
businesses grow, the devices and various applications provide the 
user with tools to protect their personal information. 

For the smartphone my daughter uses, I have enabled most of 
the privacy settings on the device. I have turned off location serv- 
ices. I have restricted her in-app purchases, and I have disabled 
her ability to add or delete applications. And as she gets older, the 
features I enable will grow with her maturity. 

While the privacy protection in the handset is the place to start, 
we in the apps community know and are doing more to inform and 
educate consumers about how we handle their data. Accordingly, 
ACT has a working group to develop a set of guidelines for mobile 
application developers to enable them to do a better job in creating 
privacy policies and also helping them to understand the com- 
plexity of privacy regulation. 

Most mobile apps collect no information and, therefore, aren’t 
technically required to have a policy, but we feel they should. Not 
because of regulation, but because the most valuable asset they 
have is their trust from their customers. A quick peek at the com- 
ment section on any mobile app site will show you how quickly an 
app can lose favor because it failed to meet customer expectations. 

Now we don’t want anyone to lose sight of the fact that these are 
hard-working, innovative entrepreneurs who create exciting new 
products. And ACT is committed to ensuring that they have the 
tools needed to avoid the pitfalls of data mismanagement. But for 
those few fraudulent app makers who misuse consumers’ personal 
information, we say throw the book at them. 

The FTC’s $3 million COPPA fine against Playdom underscored 
the considerable enforcement measures available. Section V of the 
FTC Act offers government broad authority to go after bad actors 
and effectively oversee the marketplace. 

While recent events in the media have give a high profile to bad 
actors in this area, I would urge the Committee to evaluate the 
considerable enforcement options currently available before cre- 
ating additional regulatory mechanisms. Too often government 
intervention in an emerging technology marketplace has unin- 
tended consequences that can stunt development. 

The last thing we want to do is constrain an industry with tre- 
mendous growth, where our country has such a clear competitive 
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advantage. Let us address bad behavior without threatening this 
uniquely American apps economy. 

Thank you very much. 

[The prepared statement of Mr. Reed follows:] 

Prepared Statement of Morgan Reed, Executive Director, 
Association for Competitive Technology 

Chairman Pryor, Ranking Member Wicker, and distinguished members of the 
Committee: My name is Morgan Reed, and I would like to thank you for holding 
this important hearing on privacy and the growing mobile devices marketplace. 

I am the Executive Director of the Association for Competitive Technology (ACT). 
ACT is an international advocacy and education organization for people who write 
software programs — referred to as application developers — and providers of informa- 
tion technology (IT) services. We represent over 3,000 small and mid-size IT firms 
throughout the world and advocate for public policies that help our members lever- 
age their intellectual assets to raise capital, create jobs, and innovate. 

The new mobile apps world has sparked a renaissance in the software industry; 
small software companies are able to create innovative products and sell them di- 
rectly to consumers. This is a radical departure from the era of up-front marketing 
costs, publisher delays, and piracy problems. The emergence of the mobile app mar- 
ket has eliminated the longstanding barriers to entry that our industry battled for 
the past two decades. 

My goal today is to help explain how small business is building this exciting new 
industry, how what we are doing is helping consumers, and how the very real con- 
cerns about privacy must be dealt with holistically, rather than from a technology- 
specific perspective. 

The Smartphone Ecosystem is Creating Jobs and Opportunities in a Tough 
Economy 

The state of the world economy is profoundly unsettled. Questions about job secu- 
rity, healthcare, and foreclosure have become dinner table conversation throughout 
this country. 

In the face of all of this turmoil, there has been a bright spot in economic growth: 
Sales of smartphones and tablets, such as the iPhone, the HTC Thunderbolt (run- 
ning Google Android) the Samsung Focus (running Microsoft WP7), the iPad, Xoom 
and now RIM’s Playbook continue to outpace all predictions and are providing a 
huge growth market in a slumping economy. In fact, nearly one hundred million 
smartphones were shipped in the first quarter of 2011 1 marking a 79 percent in- 
crease in an already fast growing market. 2 
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In 2008 Apple launched its App Store to provide a place for developers to sell 
independently developed applications for the iPhone. Since then, over 300,000 new 


1 Mark Kurlyandchik, IDC: Nokia Remains Top Smartphone Vendor Worldwide, DailyTech, 
May 6, 2011. 

2 Id. 
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applications have gone on sale, with billions of applications sold or downloaded. The 
Android platform has recently exceeded the growth rate seen in the iPhone, totaling 
more than 200,000 applications, with 10,000 new programs available each month. 
In 2010 we saw the release of Windows Phone 7, with its own applications store 
and an entirely unique user interface. Total unique apps across all platforms are 
expected to exceed 500,000 by the end of 2011. 3 


NUMBER OF AVAILABLE APPLICATIONS 
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Possibly the most important thing we have noticed about the new apps world is 
how it has revolutionized the software development industry. It is nothing less than 
a rebirth. Startup costs of the modern app developer are a fraction of what they 
were just 10 years ago. With mobile and Xbox 360 apps, we have seen the return 
of the small, independent “garage” developer focused on products that can be cre- 
ated and shipped in a matter of months. This new apps-driven model creates a di- 
rect bridge between the customer and the developer. Our members tell us that being 
a developer has not been this exciting since the origins of the personal computer 
and software industry in the 1970s and 1980s. 

The Mobile App Developer — An Analysis 

Apps are overwhelmingly created by small businesses. Of 500 best-selling mobile 
apps, 88 percent are written by small businesses 4 ; and in a majority of cases micro 
businesses with less than 10 employees. 


3 http:/ / d2omthbq56rzfx.cloudfront.net / wp-content / uploads / 2011 / 04 / Distimo-survey-201103- 
app-stores-count.png. 

4 ACT analysis of top 500 selling apps, some discrepancies exist due to lack of verifiable em- 
ployment data and apps created by a developer who has significant investment from a larger 
company. Some apps branded for a larger company are in fact developed by small firms subcon- 
tracted to build the application. Sample size of 408 applications, from “top apps” on March 25, 
2011 . 
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Top Apps by Business Size 



■ Small Business (>250} 

■ Large Business (<250) 


Second, app developers are not just in California. During the dot-com boom of the 
1990s, the majority of growth occurred in Silicon Valley while the rest of the country 
was not able to reap the direct benefits of the economic boom. The growth of the 
mobile apps industry has led to job creation all across the United States. While Cali- 
fornia continues to have a large representation of app developers, nearly 70 percent 
of the businesses are located outside of the state of California. This new burgeoning 
industry allows developers to live almost anywhere, including Little Rock, Arkansas 
and Tupelo, Mississippi. 

Top Apps by Business Location 



Third, app development companies have low initial costs but also have the ability 
to become a highly successful and sustainable business. ACT’s members reported de- 
velopment costs ranging from $1,000 to upwards of $1,000,000. Given the wide 
range of our findings and those of other reports, 5 it is useful to view the cost of mo- 
bile app development in tiers. 

Tier one represents a simple apps with no real back-end server-based 
functionality, and can run in the low thousands; this category makes up a sig- 
nificant percentage of all the apps in various mobile stores. They may be single 
feature programs, vanity apps, or just irreverent apps like iBeer. 

Tier two are the apps that provide multiple levels of functionality, often work- 
ing with data stored in a remote server to provide information/ user generated 
content, or advanced capabilities like writing and saving specialized documents. 
This tier runs from $30,000 to $100,000. 

Tier three runs from $100,000 on up. This category is for apps that may need 
to tie into sophisticated inventory management systems, require specialized li- 
censes for content, interface with business critical data bases not just to read, 
but also write information, and finally, games with immersive environments 
where art and music costs can be significant. 


http: l / appmuse.com / appmusing / how-much-does-it-cost-to-develop-a-mobile-app / . 
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Understanding the Real Opportunity for Small Business 

Mobile App Stores — In a store environment, app developers charge their cus- 
tomers to download applications and/or charge them for purchases they make inside 
the app. For example, photography app Hipstamatic costs $1.99 to download. If 
users want additional camera effects (Kodachrome or Holga for instance) they can 
buy the add-ons in the application. 

The exponential growth in app stores during the past few years is unprecedented. 
Apple was first, launching the iTunes App Store less than 4 years ago, and was soon 
followed by Nokia, Google, Microsoft, Amazon and others. According to IHS, in 2010 
the worldwide market revenue of these app stores in 2010 was $2.15 billion, a 160 
percent increase over 2009, and is expected to reach nearly $4 billion this year. 
Forrester Research estimates that the revenue created from customers buying and 
downloading apps to smartphones and tablets will reach $38 billion by 2015. 

A growing percentage of revenues for app markets are coming from “in-app pur- 
chases.” According to Xyologic, a company that indexes and analyzes app store data, 
40 percent of game downloads are now free titles with in-app purchases. In March, 
it found there were nearly 100 million downloads of free iPhone games from the App 
Store. 

Yet revenues from app purchases and in-app purchases only represent a part of 
the overall opportunity for app developers. According to Xyologic, 80.8 percent of all 
app downloads in the month of March were free. While some of those apps relied 
on in-app purchasing for revenue, many others were supported by advertising or de- 
veloped to support other brands and services. 

Custom Mobile Development — Additionally, many applications are made available 
for free by larger companies in order to extend services to mobile devices or as mar- 
keting tools. From Citibank’s online banking app to Pepsi’s “Refresh Project” and 
Conde Nast’s magazine apps, Fortune 1000 companies are increasingly offering mo- 
bile apps to their customers and potential customers. While large companies brand 
these apps, smaller companies with the expertise necessary to build world-class ap- 
plications under tight deadlines usually build them. These apps represent the ma- 
jority of the more than 600,000 free apps available across all app markets. This 
translates into a tremendous number of job-creating opportunities for smaller app 
development shops. Forrester Research predicts this market to reach $17 billion by 
2015. 

Mobile Advertising Revenues — Finally, some apps are supported either entirely or 
partly by advertising revenue. This is an increasingly important model especially as 
the Android platform grows in marketshare. Some applications charge for 
downloads and run advertisements inside the app itself. In-app mobile advertising 
is growing more slowly than revenues from app downloads and in-app purchases, 
but it is a particularly important revenue model for apps with enormous scale, or 
“eyeballs.” In the games category, which represents around half the app market, the 
total revenue from in-app advertising was $87 million according to Juniper Re- 
search. Juniper expects that to grow to around $900 million by 2015. 

The business model of the platform makes a difference in how developers pursue 
revenue. As shown in an earlier chart, the iOS store has more than 333,000 applica- 
tions, and nearly 70 percent of those are paid for up front. Google/Android, a com- 
pany whose entire revenue stream and dominant market position is dependent on 
advertising, tends to push developers toward the advertising model, with only 30 
percent of the 206,000 apps relying on direct payment to the developer. 

The Future for Mobile App Developers — Even more important are the opportuni- 
ties that lay farther ahead. According to a recent Morgan Stanley report, 6 most peo- 
ple haven’t yet invested in such technology. True “smartphones” have around 25 
percent penetration in the U.S.; in Asia, it may be as low as 6 percent. This rep- 
resents a pathway for growth leading far into the future. 

To understand just how important international sales are to the mobile apps mar- 
ket, one only needs to look at a comparison between the total number of users pos- 
sessed by a combined AT&T/T-mobile (130 million wireless subscribers) 7 and Chi- 
na’s number one wireless carrier, China mobile (584 million subscribers). 8 Even if 
only 6 percent of China mobile’s subscribers become smartphone users — and app 
purchasers — the market opportunity for U.S. software developers is huge. 


6 http:/ / www.morganstanley.com / institutional / techresearch / pdfs /2SETUP 12142009 RI. 
pdf. 

7 http: / j www.siouxcityjournal.com / business / local / article f24b5818-eall-5f04-b0b0-d7bbd02 

055b0.html. 

8 http:/ / www.wirelessweek. com / News / 201 1 / 01 / Carriers-Subs-Reach-842M-China-Mobile / . 
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Taking Privacy Seriously: ACT Developing Mobile App Privacy Guidelines 

This nearly $60 billion opportunity is predicated on an ongoing trust relationship 
between app developers and consumers, and that is why we take privacy so seri- 
ously. Accordingly, ACT has convened a working group of app developers rep- 
resenting the entire swath of the apps ecosystem. Additionally, our working group 
includes privacy experts and representatives from Privo, one of the four FTC-recog- 
nized COPPA Safe Harbors. 

The goal of this working group is to provide developers with guidelines that help 
them to create a privacy policy that is clear, transparent, and enables them to fully 
utilize the various device platforms that are being created today. We expect our ini- 
tial guidelines to be available within 30 days and will update them regularly. Addi- 
tionally, we are working with other groups to build a privacy policy generator for 
app developers. Such a tool would allow developers to create custom privacy policies 
that lit the specific requirements of their application. This can remove hurdles for 
these micro firms, and help them to create simple, easy-to-understand privacy poli- 
cies that comply with existing law and provide useful guidance to consumers. 

Finally, our working group is taking a proactive view of the FTC’s Section 5 provi- 
sions under COPPA. Although we expect the FTC to come out with rules addressing 
mobile apps and COPPA very soon, we’ve chosen not to wait. Instead we are cre- 
ating our guidelines and advising our members that mobile apps fall under COPPA, 
and apps developers should make sure that their apps comply with COPPA here in 
the U.S. and any similar privacy provisions in other countries or jurisdictions. When 
the FTC’s rules are promulgated, we will adjust accordingly, but we always stress 
that members should err on the side of privacy protection. 

Enabling Features While Protecting Privacy 

Importance of Location Information for Efficiency — In the lead up to today’s hear- 
ing, considerable critical attention has been directed at the type of information 
stored on smartphones. A misunderstood element in the public debate on this data 
collection is the valuable role location information plays in the underlying 
functionality of the device — beyond just mapping. 

When a smartphone tracks the location of its user, it is making a note to remind 
itself which access point or cell tower was used there to connect to the Internet. 
When a user returns to that area, the phone remembers this information. Each day 
most phone users travel the same route to work or to attend school and then return 
home to the same place. Keeping this data enables the smartphone to easily find 
an Internet connection providing efficient, constant online access. This is important 
for two reasons. 

First is battery life. A phone uses a lot of power to search for a cell tower or wire- 
less router. If it constantly needs to search for an Internet connection, it will deplete 
its battery many times more quickly than if it maintained a constant connection. 
Customers rate the importance of battery life very highly as a feature in the cus- 
tomer experience, so keeping a charge is an important requirement of the phone. 
By maintaining a list of frequently visited locations, a smartphone avoids draining 
its battery in search of data connection points. 
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Map with Location and 
Traffic Data 

The other reason efficient connectivity matters is spectrum scarcity. The prolifera- 
tion of smartphones has led to a crowded wireless spectrum, leading to potentially 
diminishing service quality. Wherever possible, wireless carriers are eager to con- 
nect users to wi-fi for faster connection speed and to lessen the burden on wireless 
networks. Carriers even provide their own wi-fi service for free to customers in 
densely populated areas to help alleviate the demand for wireless spectrum. By 
keeping track of the wi-fi and cell tower locations at frequently visited areas, the 
smartphone can allow users to automatically switch to wi-fi networks to provide 
constant, high quality Internet connectivity while diminishing the pressures on a 
crowded spectrum. 

Location Information for Consumers — While location data is essential for phones 
to operate efficiently, consumers also love the smartphone services made possible 
using location-based technology. Many of the most successful apps or smartphone 
features have become popular based on knowing exactly where users are at any 
given time. And that’s exactly how customers want it. 

Anyone who has owned a smartphone has probably charted their location as a 
blue dot on their map app. Many also use those same programs to see where the 
traffic bottlenecks are before starting their evening commute. Some apps use loca- 
tion to help users find the nearest gas station, post office, parking garage, or coffee 
shop. 

The OpenTable app adds location technology to its existing services to allow din- 
ers to find open tables at nearby restaurants, read reviews, and make reservations 
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with a simple tap of the button. Using location information, the app can also provide 
step-by-step directions to the establishment. 
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Location services on smartphones have also changed the way we interact socially, 
creating a market for check-in features to tell your friends and family where you 
are. Facebook has an app with this feature and, within the last decade, has 
achieved a market valuation approaching $100 billion. Foursquare, an app which 
exclusively provides check-in services, has been valued at nearly half a billion dol- 
lars. 

There is clearly big business opportunity in this marketplace. But location-based 
services and advertising offer a unique opportunity for Main Street businesses as 
well. Some apps, like RedLaser, allow users to scan the UPC code of a product and, 
using the smartphone’s location data, find several local retailers nearby where it can 
be purchased. 
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Red Laser Bar Code Scan 

Meanwhile, a user searching for a particular product or service on their 
smartphone can receive an ad from a local store based on their current location 
data. These ads have the benefit of reaching potential customers at the exact time 
of a purchasing decision and cost far less than the newspaper circulars or the TV 
ads that big box stores are able to afford. 

Similarly, local small businesses can also level the playing field with the national 
chain stores and Internet retailers through shopping apps like Groupon. This app 
has 38 million North American subscribers who receive daily discounts at local es- 
tablishments based on their location data. 

While improving the core performance of smartphones, location data is also the 
building block for apps that users find useful and provide small businesses with op- 
portunities to reach new customers. This data also contains information about the 
user which they may want to keep private so appropriate safeguards must be in 
place to ensure it is used in a manner with which consumers are comfortable. 

The Smartphone ID Conundrum 

Recent news stories have focused on the existence of unique identifiers attached 
to each smartphone. Known as a UDID number for iPhone and Android ID for An- 
droid-based products, this is a number that serves as a unique token for each de- 
vice. The Wall Street Journal article “What They Know — Mobile” 9 made special ef- 
fort to note the transmission of this number by nearly every single application in 


http . ■/ / blogs, wsj.com / wtk-mobile / . 
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the market. While highlighting the transmission of a “unique identifier” may make 
for good newsprint, the article unfortunately did not properly explain why devel- 
opers transmit this number. 

In order to help better explain the role this Smart Phone ID (SPID) number plays 
in the development and maintenance of mobile applications, ACT surveyed devel- 
opers 10 to find out how they currently used the SPID number. Respondents high- 
lighted three key uses: 

• Allows developers to control access to parts of the program without locking the 
user out completely (i.e., locking achievement levels in games, viewing paid sub- 
scriber content); 

• Prevents piracy of applications, allows verification of ownership for updates to 
apps; and 

• Allows management of access control for software testing and customer service. 

Additionally, developers reported on several benefits to their customers in specific 
and consumers in general. Most often cited were: 

• Working in concert with other stored data, the SPID makes it possible to have 
applications remember your favorites even when you buy a new phone; 

• Helps content providers know when your device is on a wi-fi network instead 
of 3G, thus allowing them to send you HD or other high bitrate content; and 

• Makes it easier to receive updates without verification procedures that annoy 
customers. 

Finally, developers use SPID numbers to interact with third party ad networks; 
SPIDs are required by many ad networks as part of the terms of service. 

At first glance, it would seem to make perfect sense to only allow the SPID to 
be shared with the app maker itself, but not with third parties. However, in today’s 
world, many different companies work together to provide services to customers. For 
instance, when shipping a product via FedEx, the sender shares considerable per- 
sonal information about the recipient with the (third party) shipper including con- 
tact information and purchased items. Similarly, small businesses rely on cloud 
computing to give customers a complete service offering in a cost-effective way. For 
game developers, a company like OpenFeint offers an easy way to keep track of 
scores and allows game users to interact with each other, saving app makers thou- 
sands of dollars in development time and ongoing infrastructure cost. This service 
needs to be able to tell devices apart. 

Finally, developers felt that the usage restrictions and best practices for SPIDs 
were well documented, especially on Apple’s iOS giving us plenty of advice to app 
makers on how to properly handle this information. 11 

The key takeaway from this survey is that it is important, and often necessary, 
to keep devices separate and uniquely identified. Users may own many devices, mul- 
tiple people may share devices (for example, family members), and others switch de- 
vices. Developers have different technical reasons to identify devices, but all come 
down to the same thing: enhancing the user experience. The developer’s focus is in 
making the user’s phone more convenient and useful. 

Understanding the Existing Laws and Regulations 

Regardless of how data protection is approached, it’s critical to note the protec- 
tions offered under existing Federal and state laws and regulations. In particular, 
consumer-protection laws currently provide technology-neutral legal standards to 
address data-privacy and data-security concerns regardless of whether they arise 
from undisclosed hacking, phishing, inadvertent peer-to-peer “sharing” of sensitive 
personal files, unauthorized wifi-snooping and art contests seemingly designed to 
enable the reverse-engineering of children’s Social Security numbers. 

Currently, the FTC Act gives the FTC broad authority to act against those who 
misuse data, regardless of the technology used. Specifically, Section 5 of the FTC 
Act directs the FTC to take action against any business engaging in “deceptive” or 
“unfair” trade practices. 12 

The FTC’s duty to halt deceptive trade practices authorizes the FTC to take law 
enforcement action not only when a business violates explicit promises to con- 


10 ACT April 28 questionnaire to members working on at least one mobile platform. Question: 
How do you currently use UDID/Android ID in your development process? 

11 http: I / developer.apple.com / library / ios / # documentation / uikit / reference / UIDevice Class / 

Reference / UIDevice.html. 

12 15 U.S.C. §45. 
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sumers, 13 such as violations of stated privacy policies or terms of use, but also even 
when a business makes material omissions to consumers, 14 such as not telling con- 
sumers about the sharing of their collected information with third parties. 

Similarly, the FTC’s duty to halt unfair trade practices authorizes the FTC to 
take law-enforcement action when business practices cause injuries to consumers 
that are: substantial; not outweighed by countervailing benefits to consumers and 
competition; and could not have been reasonably avoided by consumers them- 
selves. 15 For example, the FTC can take action against a business’s failure to report 
a data breach. 

Finally, it is critical to understand two points about consumer-protection laws. 
First, the FTC has real teeth if it finds that a company engaged in “unfair or decep- 
tive practices,” including assessing injunctive and civil penalties. Second, state con- 
sumer-protection acts grant state Attorneys General even broader substantive and 
remedial powers than those that Federal law grants to the FTC. As a result, even 
were resource constraints or agency capture to preclude FTC action in a particular 
case, 50+ law enforcement agencies would still have broad, technology-neutral au- 
thority to protect the privacy and security of consumers’ data. 

Consequently, the consumer-protection authority of the FTC and state Attorneys 
General already authorizes and requires these law enforcement agencies to patrol 
the Internet for companies that might violate their promises to consumers or cause 
them substantial harm. The FTC recently used such authority to protect consumer 
privacy by taking action against Google 16 and Chitika 17 for failing to properly han- 
dle consumers’ information. Both companies now face twenty years of oversight and 
damage to their brands. 

Existing consumer-protection laws thus already authorize both the FTC and state 
law enforcement agencies to police the entire range of products that connect to the 
Internet, including mobile devices, and to take action against the bad actors that 
ignore existing laws and will continue to ignore any future laws. This existing au- 
thority also ensures that good actors already have every incentive to behave reason- 
ably and that bad actors have good reason to fear the existing legal consequences 
of their wrongdoing. 

Given the existing authority of the FTC and State Attorneys General, do we need 
additional regulation? ACT believes this is an open question, but one where con- 
sumer privacy protection should not be viewed through a limited, technology-specific 
lens. Instead, thoughtful, arduous, and considered discussion must take place on the 
role of personal data in the economy, the true interests of consumers, and the best 
interaction between citizens and the providers of products and services that use 
their data. 

Avoiding the Patchwork Problem; Dealing with Data Holistically 

In periods of great technological change, both new opportunities and new chal- 
lenges are created. More often than not, however, the seemingly new challenges are 
merely old issues illuminated under a new light. 

Like the dot-com boom before it, the emergence of smartphones and mobile apps 
have renewed interest in the way corporations and governments collect and share 
data, most importantly, personal data. Yet, in both cases, these new technologies are 
simply bringing new light to issues surrounding the collection of personal data that 
has existed for decades. 

There are genuine questions to be asked and considered with respect to the collec- 
tion and use of personal data. How and when should people be told the data is being 
collected or when it is being shared? How should they be told? Should people be able 
to modify data that is collected about themselves? Should people be able to delete 
data about themselves or otherwise control how it is used? Asking these questions 
only in the context of smartphones and mobile apps ignores the larger picture. The 
technology used to collect the data is much less significant than the important ques- 
tions about the process and behavior of those collecting it. 

First, the data collected by apps developers is an almost infinitesimal piece of the 
global collection of personal data. From credit card companies, to warranty cards, 
to loyalty programs, companies have been collecting data on their customers long 
before the Internet or smartphones came around. Not only do other companies col- 
lect the same data as smartphone apps, but they have exponentially larger collec- 


13 Id. 

14 FTC, Policy Statement on Deception (Oct. 14, 1983) available at http : / j www.ftc.gov Ibcp / 
policy stmt / ad-decept.htm. 

15 15 U.S.C. §45{n); see also FTC, Policy Statement on Unfairness (Dec. 17, 1980) available 
at http:/ lwww.ftc.govlhcplpolicystmtlad-unfair.htm. 

16 In the Matter of Google Inc., a corporation, FTC File No. 102 3136. 

17 In the Matter of Chitika, Inc., a corporation, FTC File No. 1023087. 
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tions of personal data already at their disposal. Information brokers like Epsilon 
and Google collect, retain, and share far more information than all mobile apps com- 
bined. 

Even the collection of location data that has been singled out in recent press re- 
ports is not unique to smartphones and mobile apps. Standalone commercial GPS 
providers like TomTom or GPS-based safety services like OnStar collect this infor- 
mation on their users. Your EZ Pass technology for wireless payment of highway 
tolls also collects and stores location data. More recently, Google has been driving 
the world’s streets eavesdropping on home and business wireless networks to gain 
the ability to find you even on your home computer or laptop. In nearly every in- 
stance, these companies may share that data with third parties. 

Isolating and regulating one specific technology is not the answer to the broader 
questions surrounding the collection and sharing of personal data. Given the enor- 
mity of existing data collections and the number of ways it is amassed, focusing ex- 
clusively on one technology — particularly the newest and least established — is a 
symbolic gesture that does not solve the underlying problem, but creates the false 
sense that the problem has been solved and the need for thoughtful debate and pol- 
icy consideration is over. Regulatory attention should be focused broadly on behavior 
and data usage, applying to everyone, regardless of means of collection and sharing. 

Finally, regulation that focuses solely on new technology discriminates against 
small businesses. Whenever we are talking about new, disruptive technologies, we 
are most often talking about small businesses. Revenue models, customer expecta- 
tions, and efficiency opportunities are all still emerging, and small businesses are 
the driving force. Lots of businesses start, a very small number survive, but in the 
end, we learn what works, and then the large businesses get involved. To stunt the 
growth of a new, experimental market is to discriminate against the very small 
businesses on which we rely to lead innovation and growth in the American econ- 
omy. 

Conclusion 

The future of the digital marketplace looks bright for small business, so long as 
the marketplace remains dynamic and competitive. This is a more than $10 billion 
opportunity for small business across the United States. Barriers to entry in the 
marketplace are currently low, and our members are very excited about the future — 
according to ACT’s board president, Mike Sax, “Programming is fun again!” 

While there are important questions that need to be discussed on personal data 
collection, retention, and sharing, limiting this question solely to smartphones and 
mobile apps would be ineffectual and counterproductive. 

The use of location information and smartphone IDs are providing immense value 
to consumers. Whether it’s the ability to make dinner reservations or find directions 
to the nearest hardware store, our members put a value on creating a product that 
improves the lives of their customers. 

Banning the collection of location data would essentially outlaw these beloved con- 
sumer apps while doing nothing to address the big questions about data collection 
and how that data is used. That is why ACT believes that Congress must take a 
holistic approach to privacy that does not single out any one technology, especially 
nascent ones. We need to outlaw bad behavior, not good technology. I hope that the 
committee will continue to focus the spotlight on the contribution small business 
makes to the future of the digital economy and the way government can do a better 
job to encourage that productive future. Thank you for your time and consideration 
on this important topic. 

Senator Pryor. Thank you. 

Ms. Novelli? 

STATEMENT OF CATHERINE A. NOVELLI, VICE PRESIDENT, 
WORLDWIDE GOVERNMENT AFFAIRS, APPLE, INC. 

Ms. Novelli. Good morning, Chairman Pryor, Chairman Rocke- 
feller, and members of the Subcommittee. 

My name is Catherine Novelli. I am Vice President for World- 
wide Government Affairs for Apple. Thank you for the opportunity 
to further explain Apple’s approach to addressing consumer privacy 
and protection in the mobile marketplace, an issue we take very se- 
riously, especially as it applies to children. 
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I would like to use my limited time to emphasize a few key 
points. First, Apple is deeply committed to protecting the privacy 
of all our customers. We have adopted a single, comprehensive cus- 
tomer privacy policy for all of our products. This policy is available 
from a link on every page of Apple’s website. 

We do not share personally identifiable information with third 
parties for their marketing purposes without our customers’ ex- 
plicit consent. As explained in more detail in my written testimony, 
we require all third-party application developers to adhere to spe- 
cific restrictions protecting our customers’ privacy. 

Second, Apple has built-in innovative settings and controls to 
help parents protect their children while using Apple products, 
both on and offline. These controls are easy to use, password pro- 
tected, and can be administered on all Mac products, as well as on 
all of our IOS mobile devices, including the iPhone, iPad, and iPod 
Touch. These controls can also be enabled quite easily on the 
iTunes store. 

We believe these parental controls are simple and intuitive. They 
provide parents with the tools they need to flexibly manage their 
children’s activities at various stages of maturity and development 
in ways parents deem most appropriate. I have provided detailed 
descriptions and examples in my written testimony. 

Third, Apple does not knowingly collect any personal information 
from children under 13. We state this prominently in our privacy 
policy. If we learn that we have inadvertently received the personal 
information of a child under 13, we take immediate steps to delete 
that information. 

We only allow iTunes store accounts for individuals 13 or over. 
Apple’s iAd Network is not providing ads to apps targeted to chil- 
dren, and we reject any developer app that targets minors for data 
collection. 

Fourth, Apple does not track users’ locations. Apple has never 
done so and has no plans to ever do so. In recent weeks, there has 
been considerable attention given to the manner in which our de- 
vices store and use a subset of Apple’s anonymized location data- 
base of cell towers and Wi-Fi hotspots. The purpose of the database 
is to allow the device to more quickly and reliably determine a 
user’s location. These concerns are addressed in detail in my writ- 
ten testimony. 

I want to reassure you that Apple was never tracking an individ- 
ual’s actual location from the information residing in this cached 
file on their iPhone. Apple did not have access to the cache on any 
individual user’s iPhone at any time. 

Fifth, Apple gives customers of control over collection and use of 
the location data on all of our devices. Apple has built a master lo- 
cation services switch into our IOS mobile operating system that 
makes it extremely easy to opt out entirely of location-based serv- 
ices. The user simply switches the location services off in the Set- 
ting screen. When the switch is turned off, the device will not col- 
lect or transmit location information. 

Equally important, Apple does not allow any application to re- 
ceive device location information without first receiving the user’s 
explicit consent through a simple popup dialogue box. This dialogue 
box is mandatory and cannot be overridden. Customers may change 
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their mind and opt out of location services for individual applica- 
tions at any time by using simple on-off switches. Again, parents 
can also use controls to password-protect and prevent access by 
their children to location services. 

In closing, let me restate Apple’s unwavering commitment to giv- 
ing our customers clear and transparent notice, choice, and control 
over their personal information. We believe our products do this in 
a simple and elegant way. 

While Apple has not taken a public position on any specific pri- 
vacy legislation currently before the Congress, we do strongly agree 
that any company or organization with access to customers’ per- 
sonal information should give its customers clear and transparent 
notice, choice, and control over their information. We share the 
Committee’s concerns about the collection and misuse of any cus- 
tomer data, and we are committed to continuing to work with you 
to address these important issues. 

I will be happy to answer any questions that you may have. 

[The prepared statement of Ms. Novelli follows:] 

Prepared Statement of Catherine A. Novelli, Vice President 
for Worldwide Government Affairs, Apple Inc. 

Good morning Chairman Pryor, Ranking Member Wicker, and members of the 
Subcommittee. My name is Catherine Novelli, and I am Vice President for World- 
wide Government Affairs for Apple Inc. On behalf of Apple, I thank you for the op- 
portunity to address this important subject. 

Apple’s Commitment To Protecting Our Customers’ Privacy 

As we stated in testimony provided before this Committee last summer, Apple is 
deeply committed to protecting the privacy of our customers who use Apple mobile 
devices, including iPhone, iPad and iPod touch . 1 Apple has adopted a single com- 
prehensive privacy policy for all its businesses and products, including the iTunes 
Store and the App Store. Apple’s Privacy Policy, written in easy-to-read language, 
details what information Apple collects and how Apple and its partners and licens- 
ees may use the information. The Policy is available from a link on every page of 
Apple’s website . 2 

Apple takes security precautions — including administrative, technical, and phys- 
ical measures — to safeguard our customers’ personal information against loss, theft, 
and misuse, as well as against unauthorized access, disclosure, alteration, and de- 
struction. To make sure personal information remains secure, we communicate our 
privacy policy and security guidelines to Apple employees and strictly enforce pri- 
vacy safeguards within the company. 

We do not share personally identifiable information with third parties for their 
marketing purposes without consent. We require third-party application developers 
to agree to specific restrictions protecting our customers’ privacy. Moreover, Apple’s 
Safari browser is still the only browser to block cookies from third parties and ad- 
vertisers by default. 

As I will explain in more detail below, Apple is constantly innovating new tech- 
nology, features and designs to provide our customers with greater privacy protec- 
tion and the best possible user experience. 

We are also deeply committed to meeting our customers’ demands for prompt and 
accurate location-based services. These services offer many benefits to our customers 
by enhancing convenience and safety for shopping, travel and other activities. To 
meet these goals, Apple provides easy-to-use tools that allow our consumers to con- 
trol the collection and use of location data on all our mobile devices. Apple does not 
track users’ locations — Apple has never done so and has no plans to ever do so. 

In my testimony today, I would like to reaffirm and amplify Apple’s previous pri- 
vacy testimony before this Committee, while focusing on the following topics of par- 


testimony of Dr. Guy “Bud” Tribble of Apple Inc., on Consumer Online Privacy before the 
U.S. Senate Committee on Commerce, Science, and Transportation, July 27, 2010. 

2 The links take customers to http: / / www.apple.com / privacy, which customers may also ac- 
cess directly. 
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ticular interest for this hearing: (1) Apple’s Parental Controls and Restrictions set- 
tings; (2) Apple’s collection, storage and use of location information on Apple mobile 
devices; and (3) the use of customer information by third-party applications and the 
iAd Advertising Network. 

I. Apple’s Parental Controls and Restrictions Settings 

Apple has implemented industry-leading innovative settings and controls to en- 
able parents to protect their children while using Apple products both on and off- 
line. These controls are easy to use, password protected, and can be administered 
on all Mac OS X products as well as on all of our iOS mobile devices, including 
iPhone, iPad and iPod Touch. These controls can also be enabled quite easily on the 
iTunes store. 

On any Mac, parents can control which Apps their child can run as well as set 
age appropriate restrictions for the App Store. Parents also can control with whom 
their children can exchange e-mails or chat, where they can go online if at all, as 
well as set time limits as to how long they can be on their computer. There are even 
settings that enable a parent to prevent their children from using their Mac at all 
during specific hours, such as during bedtime on school nights. Moreover, these set- 
tings provide parents with logs of what their children were doing while using their 
Macs. These controls are account based, providing a parent with two children, for 
example, the flexibility to apply different levels of parental controls necessary to 
manage activities appropriate for their 8 year old versus those appropriate for their 
14-year-old teenager — levels which are unlikely to be the same. 

On Apple’s iOS mobile devices, parents can use the Restrictions settings to pre- 
vent their children from accessing specific device features, including Location Serv- 
ices (discussed in detail below), as well as restricting by age level Music, Movies, 
TV Shows, or Apps, and also prohibiting In-App purchases. When a parent enables 
these controls, the parent must enter a password (this password is separate from 
the device password that the Parent may set for their child). Once enabled, a parent 
can simply tap to switch-on and off access to various features, functions and Apps, 
even restricting access only to age appropriate content. 
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EXAMPLE: Above are example screenshots from the iPhone that show restrictions 
settings that a mother might have set for her young teenage son on his own iPhone. 
As you can see in this example, this teenager is not permitted to surf the Internet 
or watch YouTube videos. However, he is permitted to use the iPhone camera and 
can participate in FaceTime chats with family and friends. His mother also has 
given him permission to use the iTunes store on his iPhone, but restricted 
downloads only to age-appropriate music and podcasts, movies, and TV shows. 
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While this sample teenager also is able to install and delete age-appropriate Apps, 
his mother has prohibited him from making any In-App Purchases. 

We believe these innovative easy-to-use parental controls are simple and intuitive. 
They provide parents with the tools they need to manage their children’s activities 
at various stages of maturity and development based on the settings they deem ap- 
propriate. 

Finally, I want to make it clear to the committee that Apple does not knowingly 
collect any personal information from children under 13. We state this prominently 
in our Privacy Policy. If we learn that we have inadvertently received the personal 
information of a child under 13, we take immediate steps to delete that information. 
Since we don’t collect personal information from children under 13, we only allow 
iTunes store accounts for individuals 13 or over. With respect to our iAd network, 
our policy is that we don’t serve iAds into apps for children. Further, we make it 
very clear in our App Store Review Guidelines that any App that targets minors 
for data collection will be rejected. 

II. Location Information and Location-Based Services for Mobile Devices 

As we stated in our testimony last summer, Apple began providing location-based 
services in January 2008. These services enable applications that allow customers 
to perform a wide variety of useful tasks such as getting directions to a particular 
address from their current location or finding nearby restaurants or stores. 

Apple offers location-based services on a variety of mobile devices, including the 
iPhone 3G, iPhone 3GS, iPhone 4 CDMA and GSM models, iPad Wi-Fi + 3G, iPad 
2 Wi-Fi and 3G and, to a more limited extent, older models of the iPhone, the iPad 
Wi-Fi, and iPod touch. 

All of Apple’s mobile devices run on Apple’s proprietary mobile operating system, 
iOS. Apple released iOS 4.1 on September 8, 2010. Apple released the current 
versions, iOS 4.3.3 and 4.2.8 (for the iPhone 4 CDMA model), on May 4, 2011. Cur- 
rently, iOS 4.3.3 may be run on iPhone 3GS, iPhone 4 GSM model, iPod touch 3rd 
and 4th generations, iPad, and iPad 2. My testimony focuses on iOS 4.1 and later 
versions, including the free iOS update Apple released on May 4, 2011. 

A. Location-Based Privacy Features 

Apple has designed features that enable customers to exercise control over the use 
of location-based services. 
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First, as you can see in the iPhone screenshots above, Apple provides its cus- 
tomers with the ability to turn “Off” all location-based service capabilities with a 
single “On/Off’ toggle switch. For mobile devices, the toggle switch is in the “Loca- 
tion Services” menu under “Settings.” As described more fully below, when this tog- 
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gle is switched “Off,” (1) iOS will not provide any location information to any appli- 
cations, including applications that may have previously received consent to use lo- 
cation information; (2) iOS will not collect or geo-tag information about nearby Wi- 
Fi hotspots or cell towers; and (3) iOS will not upload any location information to 
Apple from the device. 

Second, Apple requires express customer consent when any application requests 
location-based information for the first time. When an application requests the in- 
formation, a dialog box appears stating: “[Application] would like to use your cur- 
rent location.” The customer is asked: “Don’t Allow” or “OK.” If the customer clicks 
on “Don’t Allow,” iOS will not provide any location-based information to the applica- 
tion. This dialog box is mandatory — neither Apple’s applications nor those of third 
parties are permitted to override the notification. 

Third, iOS 4 permits customers to identify individual applications that may not 
access location-based information, even if Location Services is “On.” The Location 
Services settings menu provides an “On/Off’ toggle switch for each application that 
has requested location-based information. When the switch for a particular applica- 
tion is “Off,” no location-based information will be provided to that application. 

Fourth, Customers can change their individual application settings at any time. 
An arrow icon (>■) alerts iOS 4 users that an application is using or has recently 
used location-based information. This icon will appear real-time for currently run- 
ning applications and next to the “On/Off’ switch for any application that has used 
location-based information in the past twenty-four hours. 

Finally, customers can use Restrictions, also known as Parental Controls, on a 
mobile device to prevent access to specific features, including Location Services. 
When a customer enables Restrictions, the customer must enter a passcode (this 
passcode is separate from the device passcode that the customer may set). If the 
customer turns Location Services off and selects “Don’t Allow Changes,” the user of 
the device cannot turn on Location Services without that passcode. 

B. Location Information 

1. Crowd-Sourced Data base of Cell Tower Location and Wi-Fi. Hotspot Information 

Customers want and expect their mobile devices to be able to quickly and reliably 
determine their current locations in order to provide accurate location-based serv- 
ices. If the device contains a GPS chip, the device can determine its current location 
using GPS satellite data. But this process can take up to several minutes. Obvi- 
ously, if the device does not have a GPS chip, no GPS location data will be available. 

To provide the high quality products and services that its customers demand, 
Apple must have access to comprehensive location-based information. To enable 
Apple mobile devices to respond quickly (or at all, in the case of non-GPS equipped 
devices or when GPS is not available, such as indoors or in basements) to a cus- 
tomer’s request for current location information, Apple maintains a secure database 
containing information regarding known locations of cell towers and Wi-Fi access 
points — also referred to as Wi-Fi hotspots. As described in greater detail below, 
Apple collects from millions of Apple devices anonymous location information for cell 
towers and Wi-Fi hotspots. 3 From this anonymous information, Apple has been able, 
over time, to calculate the known locations of many millions of Wi-Fi hot spots and 
cell towers. Because the basis for this location information is the “crowd” of Apple 
devices, Apple refers to this as its “crowd-sourced” database. 

The crowd-sourced database contains the following information: 

Cell Tower Information: Apple collects information about nearby cell towers, 
such as the location of the tower(s), Cell IDs, and data about the strength of 
the signal transmitted from the towers. A Cell ID refers to the unique number 
assigned by a cellular provider to a cell, a defined geographic area covered by 
a cell tower in a mobile network. Cell IDs do not provide any personal informa- 
tion about mobile phone users located in the cell. Location, Cell ID, and signal 
strength information is available to anyone with certain commercially available 
software. 

Wi-Fi Access Point Information: Apple collects information about nearby Wi-Fi 
access points, such as the location of the access point(s), Media Access Control 
(MAC) addresses, and data about the strength and speed of the signal trans- 
mitted by the access point(s). A MAC address (a term that does not refer to 
Apple products) is a unique number assigned by a manufacturer to a network 
adapter or network interface card (“NIC”). MAC addresses do not provide any 
personal information about the owner of the network adapter or NIC. Anyone 


3 During this collection process, iOS does not transmit to Apple any data that is uniquely asso- 
ciated with the device or the customer. 
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with a wireless network adapter or NIC can identify the MAC address of a Wi- 
Fi access point. Apple does not collect the user-assigned name of the Wi-Fi ac- 
cess point (known as the “SSID,” or service set identifier) or data being trans- 
mitted over the Wi-Fi network (known as “payload data”). 

The crowd-sourced database does not reveal personal information about any cus- 
tomer. An Apple mobile device running Apple’s mobile device operating system, iOS, 
can use the crowd-sourced database to: (1) provide the customer with an approxi- 
mate location while waiting for the more precise GPS location, (2) find GPS sat- 
ellites much more quickly, significantly reducing the wait time for the GPS location, 
and (3) triangulate the device location when GPS is not available (such as indoors 
or in basements). The device performs all of these calculations in response to a re- 
quest for location information from an application on the customer’s device that has 
been explicitly approved by the user to obtain the current location, and the device 
requests from Apple the crowd-sourced database information needed for these cal- 
culations. 4 

The crowd-sourced database must be updated continuously to account for, among 
other things, the ever-changing physical landscape, more innovative uses of mobile 
technology, and the increasing number of Apple’s customers. In collecting and main- 
taining its crowd-sourced data base, Apple always has taken great care to protect 
its customers’ privacy. 

2. Downloading Crowd-Sourced Data To A Mobile Device 

To further improve the speed with which the device can calculate location, Apple 
downloads a subset of the crowd-sourced database content to a local cache on the 
device. This content describes the known locations of Wi-Fi hotspots 5 and cell tow- 
ers that the device can “see” and/or that are nearby, as well as nearby cell location 
area codes, 6 some of which may be more than one hundred miles away. The pres- 
ence of the local cache on the device enables the device to calculate an initial ap- 
proximate location before Apple’s servers can respond to a request for information 
from the crowd-sourced database. 

One useful way to think of our cell tower and Wi-Fi hotspot database is to com- 
pare it to a world map, like the Rand McNally World Atlas, for example. Like a 
world map, our database of cell towers and Wi-Fi hotspots contains the specific loca- 
tions of cell towers and Wi-Fi hotspots we have gathered. It doesn’t have any infor- 
mation about where any individual person or iPhone is located on that map at any 
time. The cache on your iPhone is like a series of localized city street maps. When 
you enter a new area that you haven’t been to or haven’t been for awhile, we 
download a subset of the World Atlas — a more localized map of cell towers and Wi- 
Fi hotspots to your iPhone for the iPhone itself to better assist you. Just as a street 
map of a city includes all the streets and intersections for many miles around you, 
it also has the street you are on in addition to all the streets around you, but it 
doesn’t know where you are at any time nor where you go or how often you go there. 
You use a street map to determine your precise location, relative to fixed points that 
are identified on the map. Similarly, your iPhone uses the fixed locations of the cell 
towers and WiFi hotspots to determine its own location relative to those points. 
Your iPhone, not Apple, determines its actual location without any further contact 
with Apple once it receives the city maps. Apple has no knowledge of your precise 
location. 

The local cache does not include a log of each time the device was near a par- 
ticular hotspot or cell tower, and the local cache has never included such a log. For 
each Wi-Fi hotspot and cell tower, the local cache stores only that hotspot’s/cell tow- 
er’s most recent location information, downloaded from Apple’s constantly updated 
crowd-sourced data base. After a customer installs the free iOS software update 
(iOS 4.3.3) Apple released on May 4, 2011, iOS will purge records that are older 
than 7 days, and the cache will be deleted entirely when Location Services is turned 
off. 


4 For devices running the iPhone OS versions 1.1.3 to 3.1, Apple relied on (and still relies on) 
data bases maintained by Google and Skyhook Wireless (“Skyhook”) to provide location-based 
services. Beginning with the iPhone OS version 3.2 released in April 2010, Apple relies on its 
own data bases to provide location-based services and for diagnostic purposes. 

5 For each Wi-Fi hotspot, the location information includes that hotspot’s MAC address, lati- 
tude/longitude coordinates, and associated horizontal accuracy number. For each cell tower, the 
location information includes the cell tower ID, latitude/longitude coordinates, and associated 
horizontal accuracy number. 

6 Cell base stations are grouped into “location areas” for network planning purposes, and each 
location area is assigned a unique “location area code.” This “location area code” is broadcast 
by the cell base stations. 
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The local cache is protected with iOS security features, but it is not encrypted. 
Beginning with the next major release of iOS, the operating system will encrypt any 
local cache of the hotspot and cell tower location information. 

Apple issued a free iOS software update on May 4, 2011. Prior to the update, 
iTunes backed up the local cache (stored in consolidated.db) as part of the normal 
device backup if there was a syncing relationship between the device and a com- 
puter. The iTunes backup, including consolidated.db, may or may not have been 
encrypted, depending on the customer’s settings in iTunes. After the software up- 
date, iTunes does not back up the local cache (now stored in cache. db). 

When a customer runs certain applications, those applications request location in- 
formation from iOS. Because of a bug that existed prior to the update, even when 
Location Services was off, the device would anonymously send the IDs of visible Wi- 
Fi hotspots and cell towers, without any GPS information, to Apple’s servers, Ap- 
ple’s servers would send back the known, crowd-sourced location information for 
those hotspots and cell towers (and nearby hotspots and cell towers), and the device 
would cache that information in the consolidated.db file. None of this downloaded 
crowd-sourced location information or any other location information was provided 
to or disclosed to the application. 

The iOS software update fixed the bug that caused crowd-sourced location infor- 
mation to be downloaded to the device while Location Services was off. iOS will now 
delete any existing local cache from consolidated.db and, if Location Services is off, 
(1) Apple will not download any crowd-sourced location information to the device, 
regardless of whether a specific application requests that information, and (2) iOS 
will delete any cache of this information stored in cache. db. 

3. Collections and Transmissions from Apple Mobile Devices 

Apple collects anonymous location information about Wi-Fi hotspots and cell tow- 
ers from millions of devices to develop and refine Apple’s database of crowd-sourced 
location information. The mobile devices intermittently collect information about Wi- 
Fi hotspots and cell towers they can “see” and tag that information with the device’s 
current GPS coordinates, i.e., the devices “geo-tag” hotspots and towers. 

This collected Wi-Fi hotspot and cell tower information is temporarily saved in a 
separate table in the local cache; thereafter, that data is extracted from the data 
base, encrypted, and transmitted — anonymously — to Apple over a Wi-Fi connection 
every twelve hours (or later if the device does not have Wi-Fi access at that time). 
Apple’s servers use this information to re-calculate and update the known locations 
of Wi-Fi hotspots and cell towers stored in its crowd-sourced data base. Apple can- 
not identify the source of this information, and Apple collects and uses this informa- 
tion only to develop and improve the Wi-Fi hotspot and cell tower location informa- 
tion in Apple’s crowd-sourced data base. After the device attempts to upload this 
information to Apple, even if the attempt fails, the information is deleted from the 
local cache database on the device. In versions of iOS 4.1 or later, moreover, the 
device will not attempt to collect or upload this anonymous information to Apple un- 
less Location Services is on and the customer has explicitly consented to at least 
one application’s request to use location information. 

4. Additional Location Information Collections 

If Location Services is on, Apple collects location information from mobile devices 
under the following four additional circumstances. 

First, Apple is collecting anonymous traffic data to build a crowd-sourced auto- 
mobile traffic database with the goal of providing iPhone users an improved traffic 
service in the next couple of years. This information is temporarily stored in the 
local cache on the device, anonymously uploaded to Apple, and then deleted from 
the device. 

Second, Apple collects anonymous diagnostic information from randomly-selected 
devices to evaluate and improve the performance of its mobile hardware and oper- 
ating system. For example, Apple may collect information about a dropped cell 
phone call, including the calculated location of the device when a call was dropped, 
to help identify and address any cell connection issues. Before any diagnostic infor- 
mation is collected, the customer must provide express consent to Apple. Apple can- 
not associate this information with a particular customer. 

Third, Apple obtains information about the device’s location (the latitude/lon- 
gitude coordinates) when an ad request is made. The device securely transmits this 
information to the Apple iAd servers, the iAd servers immediately convert the lati- 
tude/longitude coordinates to a five-digit zip code, and the iAd servers then discard 
the coordinates. Apple does not record or store the latitude/longitude coordinates — 
Apple stores only the zip code. Apple then uses the zip code to select a relevant ad 
for the customer. 
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Finally, if a customer has consented to an application’s collection and/or use of 
location information, iOS will provide current location information in response to a 
request from that application. iOS will provide that customer-approved application 
with the location of the device only; iOS does not provide applications with direct 
access to the local cache. 

III. Third-Party Applications And The iAd Network 

A. Third Party Applications 

In July 2008, Apple launched the App Store where customers may shop for and 
acquire applications offered by third-party developers for the iPhone, iPad and iPod 
touch. Currently the App Store includes more than 350,000 third-party applications 
covering a wide variety of areas including news, games, music, travel, health, fit- 
ness, education, business, sports, navigation and social networking. Each application 
includes a description prepared by the developer regarding, among other things, 
what the application does, when it was posted, and, if applicable, what information 
the application may collect from the customer. 

Any customer with an iTunes account may purchase and download applications 
from the App Store. Developers do not receive any personal information about cus- 
tomers from Apple when applications are purchased. Only Apple has access to that 
information. 

Third-party application developers must register with Apple, pay a fee, and sign 
a licensing agreement before getting an app on the App Store. The current licensing 
agreement contains numerous provisions governing the collection and use of user 
data, device data, and location-based information, including the following: 

• Developers and their Applications may not collect user or device data without 
prior user consent, and then only to provide a service or function that is directly 
relevant to the use of the Application, or to serve advertising; 

• Applications must notify and obtain consent from each customer before location 
data is collected, transmitted, or otherwise used by developers; 

• Developers may not use analytics software in their Applications to collect and 
send device data to a third party; 

• Developers must provide clear and complete information to users regarding 
their collection, use and disclosure of user or device data ( e.g ., a description on 
the App Store or adding a link to the applicable privacy policy). 

• Developers must take appropriate steps to protect customers’ data from unau- 
thorized use, disclosure or access by third parties. 

• If the customer denies or withdraws consent, applications may not collect, 
transmit, process or utilize the customer’s user or device data, including loca- 
tion data; 

• Developers must take appropriate steps to protect customers’ location-based in- 
formation from unauthorized use or access; 

• Developers must comply with all applicable privacy and data collection laws and 
regulations regarding the use or transmission of user and device data, including 
location-based information; 

• Applications must not disable, override, or otherwise interfere with Apple-im- 
plemented system alerts, display panels, consent panels and the like, including 
those intended to notify the customer that location-based information is being 
collected, transmitted, maintained, processed, or used, or intended to obtain 
consent for such use. 

Developers that do not agree to these provisions may not offer applications on the 
App Store. Apple has the right to terminate our licensing agreement with any devel- 
oper that fails to comply with any of these provisions. Apple reviews all applications 
before adding them to the App Store to ensure, for example, that they run properly 
and do not contain malicious code. 

B. The iAd Network 

On July 1, 2010, Apple launched the iAd mobile advertising network. The network 
can serve ads to iPhone, iPod touch, and iPad devices running iOS 4, and the net- 
work offers a dynamic way to incorporate and access advertising within applica- 
tions. Customers can receive advertising that relates to their interests (“interest- 
based advertising”) and/or their location (“location-based advertising”). For example, 
a customer who purchased an action movie on iTunes may receive advertising re- 
garding a new action movie being released in the theaters or on DVD. A customer 
searching for nearby restaurants may receive advertising for stores in the area. 
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As specified clearly in Apple’s privacy policy as well as in all relevant Apple de- 
vice software licensing agreements, customers may opt out of interest-based adver- 
tising by visiting the following site from their mobile device: https:/ / oo.apple.com. 
Customers also may opt out of location-based advertising by toggling the device’s 
location-based service capabilities to “Off.” 

For customers who do not toggle location-based service capabilities to “Off,” Apple 
collects information about the device’s location (latitude/longitude coordinates) when 
an ad request is made. This information is transmitted securely to the Apple iAd 
server via a cellular network connection or Wi-Fi Internet connection. The latitude/ 
longitude coordinates are converted immediately by the server to a five-digit zip 
code. Apple does not record or store the latitude/longitude coordinates — Apple stores 
only the zip code. Apple then uses the zip code to select a relevant ad for the cus- 
tomer. 

Apple does not share any interest-based or location-based information about indi- 
vidual customers, including the zip code calculated by the iAd server, with adver- 
tisers. Apple retains a record of each ad sent to a particular device in a separate 
iAd data base, accessible only by Apple, to ensure that customers do not receive 
overly repetitive and/or duplicative ads and for administrative purposes. 

In some cases, an advertiser may want to provide more specific information based 
on a device’s actual location. For example, a retailer may want its ad to include the 
approximate distance to nearby stores. A dialog box will appear stating: ‘“Advertiser’ 
would like to use your current location.” The customer is presented with two op- 
tions: “Don’t Allow” or “OK.” If a customer clicks “Don’t Allow,” no additional loca- 
tion information is transmitted. If the customer clicks “OK,” Apple uses the latitude/ 
longitude coordinates to provide the ad application with more specific location infor- 
mation — the information is not provided to the advertiser. 

In closing, let me again affirm that Apple is strongly committed to protecting our 
customers’ privacy. We give our customers clear notice of our privacy policies, and 
our mobile products enable our customers to exercise control over their personal in- 
formation in a simple and elegant way. We share the Committee’s concerns about 
the collection and potential misuse of all customer data, particularly personal infor- 
mation, and we appreciate this opportunity to explain our policies and procedures. 

I will be happy to answer any questions you may have. 

Senator Pryor. Thank you. 

Mr. Davidson? 

STATEMENT OF ALAN DAVIDSON, 

DIRECTOR OF PUBLIC POLICY, GOOGLE, INC. 

Mr. Davidson. Chairman Pryor, Chairman Rockefeller, members 
of the Subcommittee, my name is Alan Davidson, and I am the Di- 
rector of Public Policy for Google in North and South America. 

Thank you for the opportunity to testify at this important hear- 
ing and for the Committee’s leadership in helping companies and 
consumers grapple with these emerging privacy issues. 

My message today is simple. As we have heard, mobile services 
create enormous social and economic benefits, but they will not be 
used and they cannot succeed without consumer trust. That trust 
must be based on a sustained effort across our industry to protect 
user privacy and security, and we are committed to building that 
trust. 

First, a word about technology. Many of us are already experi- 
encing the benefits of mobile and location-based services. Things as 
simple as getting real-time traffic maps that help aid your com- 
mute or finding the closest gas station on your car’s GPS. 

Thousands of applications use location-based services to help con- 
nect consumers and businesses. The U.S. Postal Service offers an 
app to help users find post offices and mailboxes based on their lo- 
cation. You can find the closest cheeseburger using the Five Guys 
app, or find your nearby friends on Foursquare. 
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And the value of location-based services extends far beyond con- 
venience. These services can be lifesavers. Mobile location services 
can help you find the nearest hospital or police station, or let you 
know where you can fill a prescription at 1:00 in the morning for 
a sick child. And that is just the start. 

We are now working with partners like the National Center for 
Missing and Exploited Children to explore how to deliver AMBER 
Alerts about missing children within seconds to users nearby. And 
mobile services may soon be able to alert people in the path of a 
tornado or a tsunami, or guide them to a evacuation route in the 
event of a hurricane, as I believe, Chairman Pryor, you heard in 
your hearing in the Homeland Security Committee. 

The rapid adoption of these services has been remarkable. For 
example, on our popular Google Map service, in the past year, 40 
percent of our usage has shifted to mobile devices. Every month, 
over 150 million people now regularly turn to Google Maps on their 
Android, iPhone, BlackBerry, or other mobile phone. 

So mobile services are having growing importance in our econ- 
omy. According to recent market reports, their potential economic 
impact is staggering. These services are creating jobs and new 
businesses, and they are increasing jobs in existing businesses. 

But here is the thing. To succeed in the long run, mobile services 
require consumer trust that is based on strong privacy and security 
protections. At Google, we focus on privacy protection throughout 
the life of our products, starting with the initial design. We sub- 
scribe to the view that by focusing on the user, all else will follow. 
So we use information where it provides value to consumers, and 
we implement strong controls for information sharing, applying the 
principles of transparency, choice, and security. 

When it comes to mobile services, for example, we are extremely 
sensitive with location information. We have made our mobile loca- 
tion services opt-in only, treating this information with the highest 
degree of care. 

So here is how the opt-in works on Android. When I took my An- 
droid phone — actually, this Android phone — out of its box, one of 
the first screens I saw asked me, in plain language, to affirmatively 
choose whether or not to share location information with Google. A 
screen shot of this process is included in our testimony, and it is 
on the board at the end of the row here. 

If a user doesn’t choose to opt-in at setup or doesn’t go into their 
settings later to turn it on, the phone will not send any location 
information back to Google’s location servers. If a user does opt-in, 
all the location data that is sent back to Google’s location servers 
is anonymized, and it is not traceable to a specific user or device. 
And users can later change their minds and turn it off. 

Beyond this, the Android operating system notifies users when- 
ever a third-party application will be given permission to access lo- 
cation information before the user installs the app. That way, the 
user has the opportunity to cancel the installation if they don’t 
want information collected. 

We believe this approach is essential for location services and is 
a good example of how to handle this kind of sensitive informa- 
tion — highly transparent information for users about what is being 
collected, opt-in choice before location information is collected, and 
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high security standards to anonymize and protect information. Our 
hope is that this becomes a standard for the broader industry. 

The strong privacy and security practices I have described are a 
start. There is more to do. We salute the active role this committee 
has taken to educate consumers, and we commend what you are 
doing to bring stakeholders together to develop a comprehensive 
approach to privacy. 

The issues raised are clearly challenging, but finding answers is 
critical to maintaining consumer trust, protecting innovation, and 
supporting the rapid economic growth generated by these services. 
We look forward to continued conversations with the Committee. 

Thank you. 

[The prepared statement of Mr. Davidson follows:] 

Prepared Statement of Alan Davidson, Director of Public Policy, 

Google Inc. 

Chairman Pryor, Ranking Member, and members of the Committee: 

I am pleased to appear before you this morning to discuss mobile services, online 
privacy, and the ways that Google protects our users’ personal information. My 
name is Alan Davidson, and I am Google’s Director of Public Policy for the Amer- 
icas. In that capacity, I oversee our public policy operations in the United States, 
and work closely with our legal, product, and engineering teams to develop and com- 
municate our approach to privacy and security, as well as other issues important 
to Google and our users. 

Google is most well known for our search engine, which is available to Internet 
users throughout the world. We also make Android, an open operating system for 
mobile devices that in a few short years has grown from powering one device (intro- 
duced in the fall of 2008) to more than 170 devices today, created by 27 manufactur- 
ers. We also offer dozens of other popular services, from YouTube to Gmail to Google 
Earth. 

Our business depends on protecting the privacy and security of our users. Without 
the trust of our users, they will simply switch to competing services, which are al- 
ways just one click away. For this reason, location sharing on Android devices is 
strictly opt-in for our users, with clear notice and control. This is the way these 
services should, work — with opt-in consent and clear, transparent practices, so con- 
sumers can make informed decisions about the location-based services that are so 
popular. 

This is also why we are educating parents and children about online safety, and 
working with groups like ConnectSafely and Common Sense Media to address the 
important issues of digital literacy and citizenship, including how to use Google’s 
privacy, security, and family safety tools. 

• In my testimony today, I’ll focus on three main points: 

• Location-based services provide tremendous consumer benefit; 

• Google is committed to the highest standards of privacy protection in our serv- 
ices, as demonstrated in our approach to mobile services, content controls, con- 
sumer education, advertising, and security; and 

• Congress has an important role in helping companies build trust and create ap- 
propriate baseline standards for online privacy and security. 

I. Location-based services provide tremendous value to consumers 

Mobile services are creating enormous economic benefits for our society. A recent 
market report predicts that the mobile applications market will be worth $25 billion 
by 2015. McKinsey estimates that personal location applications will generate as 
much as $700 billion in consumer value in the next 8 years. 

People can use mobile services to get driving directions from their current loca- 
tion, identify a traffic jam and find an alternate route, and look up the next movie 
time at a nearby theater. Location can even make search results more relevant: If 
a user searches for “coffee” from a mobile phone, she is more likely to be looking 
for a nearby cafe than the Wikipedia entry describing coffee’s history. In the last 
year, a full 40 percent of Google Maps usage was from mobile devices. There are 
now 150 million active monthly Google Maps for Mobile users on Android, iPhone, 
BlackBerry, and other mobile platforms in more than 100 countries. 
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Thousands of other organizations and entrepreneurs offer applications that use lo- 
cation services to provide helpful products. For example, the U.S. Postal Service of- 
fers an application to help users find nearby post offices and collection boxes, based 
on their location. If you want a Five Guys burger, their application will find a loca- 
tion for you, and even lets you order in advance. Services such as Yelp and 
Urbanspoon use location to provide local search results, while applications like 
Foursquare let users find nearby friends who have chosen to share their location. 


The value of the major levers increases to more than $800 billion by 2020 
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GPS navigation (including smart routing based on 
real-time traffic) 
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1 For sizing the value of geo-targeted mobile advertising, service providers are defined as those that sell advertising inventory, 
e.g., advertising platform providers; customers are defined as the marketers who purchase advertising inventory. 

2 Individual retailer will gain top-line increase, which represents a value shift rather than value creation at macro-level. 

Source; McKinsey Global Institute analysis. 

Mobile location data can even save lives. In crisis situations, people now turn to 
the Internet to find information. Within a few hours of the Japan earthquake, for 
example, Google saw a massive spike in search queries originating from Hawaii re- 
lated to “tsunami.” We placed a location-based alert on the Google homepage for tsu- 
nami alerts in the Pacific and ran similar announcements across Google News, 
Maps, and other services. In cases like the Japanese tsunami or the recent torna- 
does in the U.S., a targeted mobile alert from a provider like Google, or from a pub- 
lic enhanced 911 service, may help increase citizens’ chances of getting out of harm’s 
way. 

Other emergency notifications like AMBER alerts can be improved using location 
data, too. In the past, a parent’s best hope of finding a missing child might have 
been a picture on a milk carton. Google works with the National Center for Missing 
and Exploited Children (NCMEC) in an ongoing partnership to develop technology 
solutions that help them achieve their mission. Today, modern tools and information 
can make NCMEC’s AMBER alerts more effective and efficient through location- 
based targeting — within seconds of the first report, an AMBER alert could be dis- 
tributed to all users within one-mile of the incident. As Ernie Allen, NCMEC’s 
President and CEO, wrote last week: 


Google’s contributions to our Missing Child Division have also been significant. 
Your tools and specialized engineering solutions assist our case managers in the 
search for missing children. . . . We eagerly await the completed development 
of the AMBER Alert tool, which will expand the reach and distribution of 
AMBER alerts to Google users and will surely have enormous potential for 
widespread dissemination of news about serious child abduction cases. Thank 
you for your continued efforts to give children the safer lives that they deserve. 
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None of these services or public safety tools would be possible without the location 
information that our users share with us and other providers, and without the mo- 
bile platforms that help businesses and governments effectively reach their audi- 
ences. 

II. Google is committed to the highest standards of privacy protection in 
our services 

Google would not be able to offer these services — or help create the economic and 
social value generated from location data — if we lost the trust of our users. At 
Google, privacy is something we think about every day across every level of our com- 
pany. It is both good for our users and critical for our business. 

Our privacy principles 

Privacy at Google begins with five core principles, which are located and available 
to the public at www.google.com / corporate / privacy principles.html: 

• Use information to provide our users with valuable products and services. 

• Develop products that reflect strong privacy standards and practices. 

• Make the collection and use of personal information transparent. 

• Give users meaningful choices to protect their privacy. 

• Be a responsible steward of the information we hold. 

First, as with every aspect of our products, we follow the axiom of “focus on the 
user and all else will follow.” We are committed to using information only where 
we can provide value to our users. We never sell our users’ personally identifiable 
information. This is simply not our business model. 

Second, we aim to build privacy and security into our products and practices from 
the ground up. From the design phase through launch, we consider a product’s im- 
pact on our users’ privacy. And we don’t stop at launch; we continue to innovate 
and iterate as we learn more from users. 

Our last three principles lay out our substantive approach to privacy: We are com- 
mitted to transparency , user control, and security. 

Internal process and controls 

Google also reflects these principles in our development process and employee 
training. As we recently explained, we have begun to implement even stronger inter- 
nal privacy controls with a focus on people, training, and compliance. 

All this process is aimed at ensuring that products match our philosophy and 
avoid mistakes that jeopardize user trust — like the launch of Google Buzz, which fell 
short of our standards for transparency and user control. To help make sure we live 
up to this promise, we entered into a consent decree with the Federal Trade Com- 
mission this year, under which we’ll receive an independent review of our privacy 
procedures every 2 years. In addition, we’ll ask users to give us affirmative consent 
before we change how we share their personal information. 

Products reflecting principles: Opt-in location controls on Android 

We understand location information is sensitive. So our approach to location data 
is simple: Opt-in consent and clear notice are required for collection and use of loca- 
tion information on Android. 

We don’t collect any location information — any at all — through our location serv- 
ices on Android devices unless the user specifically chooses to share this information 
with Google. We also give users clear notice and control; the set-up process explicitly 
asks users to “allow Google’s location service to collect anonymous location data.” 
And even after the set-up process, users can easily turn off location sharing with 
Google at any time they wish. 

The location services in our Android operating system embody the transparency 
and control principles that we use to guide our privacy process. We hope that this 
will be a standard for the industry. 

Google is also very careful about how we use and store the data that is generated 
by these services. The location information sent to Google servers when users opt 
in to location services on Android is anonymized and stored in the aggregate. It’s 
not tied or traceable to a specific user. The collected information is stored with a 
hashed version of an anonymous token, and that hashed token is deleted after ap- 
proximately one week. A small amount of location information regarding nearby Wi- 
Fi access points and cell towers is kept on the Android device to help the user con- 
tinue to enjoy the service when no server connection is available and to improve 
speed and battery life. 

In order to provide these location services, many companies detect nearby, pub- 
licly available signals from Wi-Fi access points and cell towers and use this data 
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to quickly approximate a rough position, even while they may be working on a more 
precise GPS-based location. This can be done by using information that is publicly 
broadcast (for example, that list of Wi-Fi access points you see when you use the 
“join network” option on your computer). Companies like Skyhook Wireless and 
Navizon compile such information and license the data to many industry leaders. 

Google has a similar location service called the Google Location Server — an Inter- 
net database that uses Wi-Fi access points and cell towers to determine an esti- 
mated location and that uses GPS information to estimate road traffic. Device man- 
ufacturers can license the Network Location Provider application for Android from 
Google. This Network Location Provider is turned off by default. It can be turned 
on by the user during the phone’s initial setup or in the device settings. 
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The user can opt-in to turn on the Network Location Provider on their Android 
phone from within the device settings. 

The Android operating system is built on openness, with the goal of encouraging 
developers to innovate. With this principle in mind, Google does not decide which 
applications can access location or other user information from the device. Instead, 
the Android operating system uses a permissions model in which the user is auto- 
matically informed of certain types of information an application will be able to ac- 
cess. The user may choose to trust the application by completing the installation or 
the user may choose to cancel the installation. An application can only access the 
device’s GPS location or the device’s network location if it displays a notice for this 
permission to the user at time of installation. 

When Google creates an Android application, like Google Maps for mobile devices, 
Google is responsible for how the application collects and handles data and for the 
privacy disclosures made to users, and generally applies the Google Mobile Terms 
of Service and the Google Mobile Privacy Policy. These privacy policies are also 
clearly displayed to the user when the user first signs into the Android device. 

When an Android application is not developed by Google, the application devel- 
oper bears the responsibility for its design and its use of data. Google does not and 
cannot control the behavior of third party applications, or how they handle location 
information and other user information that the third party application obtains from 
the device. Google does strongly encourage application developers to use best prac- 
tices as described in this Google blog post. 

How our products reflect our principles: Parental controls and family safety 

While Google does not offer services directed at children, we try to provide fami- 
lies with the tools and education to ensure a positive and safe experience on our 
services. In addition to our work with NCMEC and others to protect children, our 
major consumer education initiatives include: 

• Android Market content ratings. The content rating system is a new feature of 
Android Market that requires developers to rate their apps in one of four cat- 
egories, in accordance with our guidelines: Everyone, Low-, Medium-, or High- 
Maturity. Developers are responsible for rating the apps, and if users come 
across incorrectly rated apps, they can flag them for review. 

• SafeSearch on Mobile. Just as with Google Web Search on desktop, Google’s 
SafeSearch filter is accessible on mobile for users who search on a mobile 
browser. SafeSearch uses advanced technology to block sexually explicit images 
and text from search results. Users can customize and lock their SafeSearch 
settings to “Strict” or “Moderate” by clicking on the “Settings” link to the top 
right comer of the homepage on Google.com. 

• Digital Literacy initiative. To help educate families about responsible Internet 
use, we developed a curriculum with iKeepSafe that teaches teens to recognize 
online risks, investigate and determine the reliability of websites, and avoid 
scams. We’ve sponsored a tour that iKeepSafe is taking across the country to 
bring the curriculum into local communities and classrooms. 

• Family Safety Center. In cooperation with the Federal Trade Commission’s 
OnGuardOnline initiative and other child safety advocates and experts, we built 
a one-stop shop for families, available at www.google.com/familysafety, to pro- 
vide step-by-step instructions for using safety tools built into Google products 
and other best practices for families to consider. In response to popular re- 
quests, we’ve added a section about managing geolocation features on mobile 
phones. 

• Net Safety Tips on the Go app. The Internet Education Foundation, in partner- 
ship with Google and others, created an app to help users keep up with online 
privacy, safety, and security issues on your Android phone. It provides quick, 
practical, friendly advice for you and your family. The tips, developed by leading 
online safety organizations, cover important issues like mobile privacy and safe- 
ty, sexting and cyberbullying, social networking safety, and avoiding identity 
theft. 

How our products reflect our principles: Advertising and privacy 

John Wanamaker, considered by some to be the father of modern advertising, 
once remarked that “half the money I spend on advertising is wasted; the trouble 
is I don’t know which half.” Google’s advertising products are aimed at eliminating 
that wasted half, bringing data-driven efficiency to advertising. But as we work to 
bring more relevant and useful ads to our users, we continually seek to preserve 
transparency and user control over the information used in our ad system. 
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Google was not the first to offer interest-based advertising (known as IBA) online, 
but when we launched IBA, in March 2009, we included a number of 
groundbreaking privacy features. Google’s interest-based ads contain notice in the 
actual advertisement indicating that it is a Google ad. The in-ad notice is linked 
to information about IBA, including our Ads Preferences Manager, which allows 
users to change the interest categories used to target ads, or to opt-out of interest- 
based advertising altogether. Note that we do not serve interest-based ads based on 
sensitive interest categories such as health status or categories relating to kids. We 
are also participating in the industry-wide ad targeting notice and opt-out program. 

We have seen that for every visitor that opts out of IBA on this page, seven users 
view or edit their settings and choose to remain opted in. We take from this that 
online users appreciate transparency and control, and become more comfortable 
with data collection and use when we offer it on their terms and in full view. 

Recently, discussions about online ad targeting have centered on the ability of 
users to indicate a desire to opt out of this profiling and targeting by all online pro- 
viders — sometimes called Do Not Track. In January, Google sought to further en- 
courage consistency and ease of control over online targeting by launching the Keep 
My Opt-Outs Chrome extension, which enables all providers participating in ever- 
expanding industry self-regulatory programs to make their IBA opt outs permanent 
via a simple browser-based mechanism. As new opt outs come online, we will auto- 
matically update this extension to keep users up to date. In the first few months, 
more than 100,000 users have already installed and are using the extension. We 
even released this tool on an open-source basis so that other developers can exam- 
ine, assess, enhance, or even extend the code’s capabilities. Additionally, we are de- 
veloping versions of Keep My Opt Outs that work on other major browsers. 

Just last month, we extended our advertising privacy approach to our mobile ap- 
plication ad networks. These networks help mobile app developers make money 
from their products. For these ad systems, we have created a user-friendly solution 
involving anonymization, user control, and user notice. First, Google performs a one- 
way, non-reversible hashing of a device identifier to create an anonymous ID specifi- 
cally for ad serving. Second, for both Android and iPhone users we give consumers 
an easy way to opt out the use of their device identifier by Google’s advertising serv- 
ices altogether. Third, we are notifying all users of how we customize ads and their 
opt-out controls with clear notice as you see here. 


© Google uses anonymized information about your 
mobile device to customize the ads you see while 
using apps. Learn more and control your settings 


Because the mobile application interfaces are more limited, we chose to rotate 
full-size privacy notices in with other advertisements, rather than use an icon, 
which is hard to see or click on the smaller mobile screen. 

How our products reflect our principles: Security through encryption and two-step 
verification 

Along with transparency and user control, strong security for users of Google’s 
services to protect against hackers and data breach is vital. 

For example, Google was the first (and still only) major webmail provider to offer 
session-wide secure socket layer (SSL) encryption by default. Usually recognized by 
a Web address starting with “https” or by a “lock” icon, SSL encryption is used for 
online banking and other secure transactions. Users can also encrypt search. Just 
type “ https .7 / encrypted.google.com” into your browser to encrypt your search queries 
and results. We hope other companies will soon join our lead. 

In March of last year Google introduced a system to notify users about suspicious 
activities associated with their accounts. By automatically matching a user’s IP ad- 
dress to broad geographical locations, Google can help detect anomalous behavior, 
such as a log-in appearing to come from one continent only a few hours after the 
same account holder logged in from a different continent. Thus, someone whose 
Gmail account may have been compromised will be notified and given the oppor- 
tunity to change her password, protecting herself and her contacts. 
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Finally, we recently released 2-step verification for consumer Gmail accounts, 
which allows users who are concerned about the security of their account to use a 
password plus a unique code generated by a mobile phone to sign in. It’s an extra 
step, but it’s one that significantly improves the security of a Google Account. Now, 
if someone steals or guesses a Gmail user’s password, the potential hijacker still 
cannot sign in to the user’s account because the hijacker does not have the user’s 
phone. We are already hearing stories from our users about how this extra layer 
of security has protected them from phishing attacks or unauthorized access. 

III. Congress should act to build trust and create appropriate baseline 
standards 

Congress has a vital role to play in encouraging responsible privacy and security 
practices, both by bringing attention to these issues and through legislation where 
appropriate. 

The first step Congress can take, and one on which we can all find common 
ground, is the need for basic “digital citizenship” education for parents, children, 
teens, and all consumers. Digital skills are essential life skills in a 21st century 
economy, including understanding basic technical concepts like how to create a safe 
password and avoid online scams, to critical thinking such as evaluating whether 
information on a blog is reliable or not. It is crucial that Congress and providers 
work together to create resources for programs that address these issues and pro- 
mote them to all consumers, particularly parents and educators. 

A second area for careful consideration is legislation. Google supports the develop- 
ment of comprehensive, baseline privacy framework that can ensure broad-based 
user trust and that will support continued innovation. We salute the work of Sen- 
ators Kerry and McCain to develop a comprehensive approach to this issue, based 
on the same principles of transparency, control, and security we apply to our own 
services. We look forward to continued conversations about this bill as it evolves. 

Key considerations for any comprehensive approach to privacy include: 

• Even-handed application. A pro-innovation privacy framework must apply even- 
handedly to all personal data regardless of source or means of collection. Thus, 
offline and online data collection and processing should, where reasonable, in- 
volve similar data protection obligations. 

• Recognition of benefits and costs. As with any regulatory policy, it is appropriate 
to examine the benefits and costs of legislating in this area, including explicit 
attention to actual harm to users and compliance costs. 

• Consistency across jurisdictions. Generally, Internet users neither expect nor 
want different baseline privacy rules based on the local jurisdiction in which 
they or the provider reside. Moreover, in many instances, strict compliance with 
differing privacy protocols would actually diminish consumer privacy, since it 
would require Internet companies to know where consumers are located at any 
given time. 

By the same token, in general we do not support a continued “siloed” approach 
to privacy law. While much of today’s debate centers on location information and 
“Do Not Track” advertising privacy proposals, providers and consumers need a com- 
prehensive approach that will set consistent, baseline principles for these issues and 
those to come in the future. Otherwise, this Committee and others will be returning 
term after term to address the latest new technology fad. 

Moreover, industry response to the advertising privacy issue has been encour- 
aging. In a few short months, all major browser companies have introduced new 
controls, and the advertising and online publishing industries have come together 
to announce uniform standards for notice and control over targeted ads. 

We can, however, suggest two concrete areas where Congress can act immediately 
to strengthen Americans’ privacy protections and provide consistency for providers. 

Congress should promote uniform, reasonable security principles, including data 
breach notification procedures. We pride ourselves at Google for industry-leading se- 
curity features, including the use of encryption for our search and Gmail services. 
But we need help from the government to ensure that the bad acts of criminal hack- 
ers or inadequate security on the part of other companies does not undermine con- 
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sumer trust for all services. Moreover, the patchwork of state law in this area leads 
to confusion and unnecessary cost. 

In addition, the Electronic Communications Privacy Act, the U.S. law governing 
government access to stored communications, is outdated and out of step with what 
is reasonably expected by those who use cloud computing services. ECPA worked 
well for many years, and much of it remains vibrant and relevant. In significant 
places, however, a large gap has grown between the technological assumptions made 
in ECPA and the reality of how the Internet works today, leaving us in some cir- 
cumstances with complex and baffling rules that are both difficult to explain to 
users and difficult to apply. 

As part of the Digital Due Process coalition, we are working to address this issue. 
The Digital Due Process coalition includes members ranging from AT&T to Google 
to Americans for Tax Reform to the ACLU. It has put forward common sense prin- 
ciples that are designed to update ECPA, while ensuring that government has the 
legal tools needed to enforce the laws. 

Particularly relevant to today’s hearing, the coalition seeks to: 

• Create a consistent process for compelled access to data stored online. Treat pri- 
vate communications and documents stored online the same as if they were 
stored at home and require a uniform process before compelling a service pro- 
vider to access and disclose the information. 

• Create a stronger process for compelled access to location information. Create a 
clear, strong process with heightened standards for government access to infor- 
mation regarding the location of an individual’s mobile device. 

Advances in technology rely not just on the smart engineers who create the new 
services, but also on smart laws that provide the critical legal underpinning for con- 
tinued innovation and adoption of the technology. We hope to work with this Com- 
mittee and with Congress as a whole to strengthen these legal protections for indi- 
viduals and businesses. 

* * * 

Google appreciates the efforts of this subcommittee to address the critical privacy 
and security issues facing consumers. We look forward to working with you, and to 
answering any questions you might have about our efforts. 

Thank you. 

Senator Pryor. Thank you. 

Ms. Shenkan? 

STATEMENT OF AMY GUGGENHEIM SHENKAN, PRESIDENT 

AND CHIEF OPERATING OFFICER, COMMON SENSE MEDIA 

Ms. Shenkan. Good morning, Mr. Chairman, members of the 
Committee, and thank you for this opportunity to discuss the cru- 
cial issue of protecting consumer privacy in this marketplace. 

The hearing is timely, and the stakes are high, especially for our 
nation’s kids. I want to talk about two things today. Why is privacy 
such an important issue? And what is the Common Sense Media 
position on what we must do about it? 

So why is this so important? Let me start by saying that Com- 
mon Sense Media embraces media and technology. One of our 
founding beliefs is that we love media, but we and the millions of 
parents who use our resources are increasingly worried about 
threats to children’s privacy in a rapidly changing mobile and dig- 
ital world. 

Eighty-five percent of parents we polled said they are more con- 
cerned about privacy than they were 5 years ago. Let me also pref- 
ace by saying that Common Sense Media understands and appre- 
ciates the Internet economy and the sheer brilliance of what these 
companies have invented. 

We live and work in Silicon Valley. That is why it is so jarring 
to hear their “can’t do” attitude when it comes to inventing techno- 
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logical solutions to protect kids. We get half measures after the 
fact, and then they only offer partial solutions. They can do better. 
We know it. And we believe they know it. 

Parents and kids are rightly concerned. So why do we worry? 
Two reasons. First, kids live their lives online. Kids don’t just ac- 
cess content anymore. They create it. Our kids are growing up in 
public. 

Many of the people in this room can attest to how hard it is to 
be a public figure. Imagine if you are only 13 and had an unflat- 
tering picture of you spread across the web, as has happened to 
hundreds of kids in high schools across the country. Seven and a 
half million kids under 13 are on Facebook, and millions more 
teens. 

Second, we are also seeing too many examples of how our privacy 
is not protected in this world. We all know that Sony just experi- 
enced a security breach, which exposed personal data of more than 
100 million — 100 million — of its online video game users. And the 
list goes on. 

This hearing is specifically around mobile, and for good reason. 
The mobile world puts all the privacy issues that we have talked 
about for years on steroids. Why? I will list a couple of reasons. 

Mobile phones are tied to a specific person. Most computers 
aren’t. Because there are more opportunities for tracking, with a 
mobile device you have someone’s location, and it is always with 
you. And we found out that it is always busy during the night as 
well for many people today. 

The average smartphone owner spends more time on apps than 
they do talking on it or browsing the web. This is an issue because 
mobile apps are far less transparent about how they use your data 
than most websites. Nearly three-quarters don’t even have a basic 
privacy policy, and mobile browsers don’t have nearly as many pri- 
vacy controls as Web browsers do. 

In the end, we are all involved in protecting kids’ privacy in the 
online and mobile world. But we can also protect our — but we can’t 
protect our kids’ privacy if companies and operators aren’t pro- 
viding real opportunities to do so. 

So what do we at Common Sense Media propose? We urge Con- 
gress to bolster laws protecting essential privacy for our Nation’s 
children and teens. There are five principles which should be es- 
sential elements of any new legislation from Congress. 

First of all, number one, the industry standard for all privacy 
should be opt-in, especially for kids and teens, private by default 
and public by effort. And today, it is the other way around. 

Number two, privacy policies should be clear and transparent. 
You shouldn’t need to hold a degree from Harvard Law School to 
figure out how to decode a privacy policy. 

Three, no behavioral tracking of kids. There are limits on adver- 
tising to kids on TV and cable, not on the web. Kids are not little 
consumers. They are children. Let us not invade their privacy and 
then pummel them with ads. 

Number four, parents and kids should be able to easily delete on- 
line information. Too often we hear about young people who post 
information they later regret and find that they can never fully de- 
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lete it from the online world. We have to protect these kids from 
permanent damage. 

And finally, number five, we must vastly increase education and 
information about online privacy. Kids and parents need to do their 
part to protect privacy and the privacy of their friends. A large- 
scale, multi-year education campaign would help them learn how 
to do so effectively. Industry leaders could play an important role 
in this and should be required to finance it. 

Honestly, we wonder why leading tech companies seem to con- 
sider privacy implications for children and teens only after the fact. 
These considerations should be baked into the design phase of a 
product or service. Companies now successfully do this for dis- 
ability access. Why can’t we do it for kids’ privacy? 

A founder of a popular social networking company commented 
last week in a Washington Post interview that, and I quote, “We 
will figure things out as we go along,” when asked about special 
privacy considerations for youth. Come on, we have got to do better 
than that. 

We all need to work together to find solutions in this space, and 
we need the tech companies to bring their innovation skills to this 
crucial and shared goal of protecting our Nation’s kids. 

Thank you. 

[The prepared statement of Ms. Shenkan follows:] 

Prepared Statement of Amy Guggenheim Shenkan, President 
and Chief Operating Officer, Common Sense Media 

“Protecting Privacy — Especially for Kids — in a Mobile and Digital World” 

Good morning, Mr. Chairman, and members of the Committee, and thank you for 
this opportunity to discuss the crucial issue of protecting consumer privacy in the 
mobile marketplace. 

Common Sense Media is a non-profit, non-partisan organization dedicated to im- 
proving the lives of kids and families by providing the trustworthy information, edu- 
cation, and independent voice they need to thrive in a world of media and tech- 
nology. 

Nearly two million people visit the Common Sense website every month for re- 
views and parent tips about media content and the digital media world. Tens of mil- 
lions more access our advice and information through our distribution partnerships 
with leading companies like Comcast, DIRECTV, Time Warner Cable, Cox Commu- 
nications, Facebook, Yahoo!, Google, Apple, Disney, Netflix, Best Buy, and more. 

Common Sense Media commends the Chairman and the Committee for this timely 
hearing on consumer privacy. The stakes couldn’t be higher for all of us, and espe- 
cially for our nation’s kids. 

Today, millions of kids don’t just go online, they seem to live their lives online. 
Children and teens today are growing up in a media environment that provides an 
ever-present and ever-changing experience in a new digital landscape — an environ- 
ment that is changing childhood. A recent study by Consumer Reports estimated 
that 7.5 million kids under age 13 are lying about their age to be on Facebook — 
and that 5 million of those kids are age 10 and under. There are tens of millions 
more who are 13 through 17. 

And kids don’t just access content online, they create it. They don’t simply inter- 
act with their peers online, but with adults and companies too. 

And in contrast to the childhoods we all had, today’s children are growing up in 
public. They post, search, copy, “friend,” “un-friend,” tweet, create, distribute, and 
connect through social networks, apps, and other digital services in ways that can 
be seen by millions around the world and gleaned by companies as well, including — 
but not limited to — the companies represented here today. 

The Internet is a worldwide platform for accessing information and realizing new 
educational opportunities, possessing resources for both entertainment and learning. 
Yet, with all of the wondrous things that the Internet brings to children and teens, 
the interaction that such kids have with digital technology, apps, and services raises 
significant concerns about kids’ privacy. 
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Overall concern about consumer privacy is clearly growing. In a Common Sense 
Media/Zogby International poll last fall, 85 percent of parents said they are more 
concerned about online privacy than they were 5 years ago. 

Moreover, privacy is a concern expressed not only by parents — but by kids too. 
The same poll found that 91 percent of parents (and 81 percent of teens) say search 
engines and social networking sites should not share their physical location with 
other companies without their specific authorization. 

Yet, lest you think that Common Sense Media is a Luddite organization, let me 
emphasize that we embrace technological change and innovation and the manifold 
benefits the Internet and digital media bring to children and teens. One of our 
founding beliefs is that “we love media.” Like the millions of parents and teachers 
who come to Common Sense for information, we want to find the best things that 
the digital media world offers for kids — and there are many great things — but also 
want to avoid the things that may not be appropriate for them, especially at young- 
er ages. 

We simply believe that a far better balance can and must be struck. A balance 
that makes available the rich resources of the Internet — but that also protects chil- 
dren and teens from privacy invasions and inappropriate targeted marketing and 
behavioral advertising. There is no such balance today, and the basic well-being of 
our children and teens is at risk as a result. 

We believe that balance is being struck in a bipartisan way on the House side 
by legislation introduced by Rep. Ed Markey (D-MA) and Rep. Joe Barton (R-TX), 
the first major kids’ privacy legislation introduced since 13 years ago — when the 
founder of F acebook was in grade school. 

And as much as we embrace overarching, comprehensive privacy protections for 
consumers — and especially kids — for all Internet technologies and services, it is 
clear that the ability to track the mobile whereabouts and habits of an individual 
as she or he moves throughout our society raises hyper-sensitive privacy issues. Pri- 
vacy is an issue everywhere in the online world, but in the mobile world, privacy 
is an issue on steroids. And this Nation must address the issue of mobile privacy 
now. We cannot overstate the urgency of this moment. 

For kids, this is absolutely critical — knowing what a child or teen does online at 
home is one thing. Knowing where they go after school, with whom they visit, what 
they search for, and what hours they spend where around town is not only incred- 
ibly invasive, it is potentially very dangerous and a fundamental violation of their 
personal privacy and self-interest. Mobile companies and app developers that have 
a cavalier attitude about this topic need a very clear wake-up call. While all adults 
should have “opt-in” protections for location information for all mobile services and 
apps, it is vitally important to move immediately to protect children and teens in 
the mobile environment. 

Concerns about mobile technology and geolocation have been reinforced in several 
recent surveys and studies. For example: 

• In a survey by TRUSTe, an industry-based organization, 77 percent of 
smartphone users said that they don’t want to share their location with app 
owners and developers. 

• In a recent Nielsen survey of mobile subscribers who downloaded an application 
within the previous 30 days, more than half (59 percent of women and 52 per- 
cent of men) said they are concerned about their privacy when using geolocation 
services and check-in apps. 

• A new study by the Future of Privacy Forum analyzed the top 30 paid mobile 
apps across the leading operating systems (iOS, Android, & Blackberry) and 
found that 22 of them -nearly three-quarters — lacked even a basic privacy pol- 
icy. This is outrageous, especially because kids are such huge users! 

It is obvious to most of us and clearly to most parents that our existing protec- 
tions for privacy and personal information online are grossly inadequate and in no 
way keeping pace with the rapid changes of our digital and mobile media world. 

Congress must address this critical issue for kids and families now. Congress en- 
acted legislation in the late 1990s addressing wireless location information from 
wireless carriers requiring such companies to obtain the “prior express authoriza- 
tion” of the subscriber for using location information for commercial purposes. But 
this outdated law did not cover 3rd party services and apps — only wireless compa- 
nies — and did not contain specific protections for children and teens. That should 
be changed now. 

Moreover, in the case of children, as you know, the Children’s Online Privacy Pro- 
tection Act (COPPA) is the landmark legislation in this area, but the technological 
advances that have occurred since 1998 make COPPA woefully out of date for keep- 
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ing children safe from these vast new threats to their privacy. 1998 is like the me- 
dieval ages of digital tech development, but that is when the last privacy law pro- 
tecting kids was written. 

Common Sense Media believes it is way past time to update that Act and to pro- 
vide major new privacy protections for children and teens, on mobile platforms and 
elsewhere. 

If we want to strike the proper balance, and ensure that America’s kids and 
adults can realize the benefits, and avoid the potential pitfalls, of the digital world, 
all of us — parents, educators, policymakers, and industry leaders — can and must 
take steps to improve protections for our privacy and personal information online, 
and especially for kids. But Congress must lead now. 

For kids, Common Sense Media believes those steps should build on a few basic 
principles. The first is Do Not Track Kids. Period. Full Stop. 

Children and teens should not have their online behavior tracked or any other 
personal information about them collected, profiled, or transferred to other parties. 
The 1998 COPPA categories of “personally identifiable” information ( e.g name and 
address) must be updated to include other “persistent identifiers” and to encompass 
all activities in the online and mobile world. What children and teens do online 
should remain private. 

Companies — whether Internet service providers, social networking sites, third 
party application (“app”) providers, data-mining companies, or advertising net- 
works — should not be permitted to collect, store, use, sell, or transfer that informa- 
tion at all. And Congress must pass a law with teeth in order to enforce this prohi- 
bition. 

Today many companies troll the Internet to collect our kids’ detailed information 
in order to target them with “behavioral marketing” — advertising that is specifically 
tailored to their age, gender, interests, and activities. Behavioral marketing to kids 
is unfair and deceptive, and it should stop. 

Without parents or kids knowing it, companies collect, store, and sell information 
about what kids do online and on mobile phones. Companies can install “cookies” 
or other devices that track which websites kids visit, including which pages they 
look at; what searches they make; which videos they download; who they “friend” 
on social networking sites; what they write in e-mails, comments, or instant mes- 
sages; and more. 

And thanks to geolocation services, companies can now also track where kids go 
in the physical world as well as the virtual one. 

Obviously, some online tracking is a helpful aspect of Web 2.0 technology, and 
parents or teens over the age of 16 should be able to “opt in” to limited use of track- 
ing devices, as long as they are not used for behavioral marketing and are not trans- 
ferred to third parties. This is the second major element of a legislative effort to 
protect the privacy interests of kids. 

Because of the dramatic growth of mobile technology and geolocation services, it 
is absolutely essential that privacy protections apply across all online and mobile 
platforms. And this Committee and the Senate should pass laws to that effect in 
this Congress. 

Many kids today don’t merely go online — they always are online, whether from 
their home computer or from a cell phone, iPod, or Web-connected video game con- 
sole. To reflect today’s mobile and digital world, privacy regulations need to be vast- 
ly expanded and applied to all online and mobile services and platforms. Social net- 
working sites shouldn’t be able to collect or sell kids’ private information, and nei- 
ther should third-party apps on those sites. Geolocation services shouldn’t be al- 
lowed without clear prior consent — a formal opt in by a parent — regardless of what 
type or company or operator provides the service. 

It’s important to note that just as we say, “we love media,” Common Sense also 
loves mobile technology, including for kids, but we are highly cognizant of the 
downsides as well, especially where the fundamental privacy rights of children and 
teens are involved. 

In April 2010, we published a white paper “Do Smart Phones = Smart Kids? The 
Impact of the Mobile Explosion on America’s Kids, Families, and Schools.” 

That paper highlighted the vast expansion of mobile technology usage by kids, 
and also the ways that smart phones and devices can help kids learn, explore, and 
engage. But we also highlighted some of the extraordinary potential downsides of 
mobile media, including ways that these devices may make it easier for kids to en- 
gage in inappropriate — and even dangerous — activities. These include cyberbullying, 
sexting, and distracted driving. Most importantly, Common Sense raised a number 
of critical questions about the potential downsides of mobile phones and geolocation 
technology: 
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Mobile phones with GPS capabilities can expose a kid’s exact location. Many 
new programs and apps have been developed that allow kids to announce their 
physical whereabouts. This creates physical safety concerns. If a kid shares lo- 
cation info to “friends,” that information can be passed along to unintended au- 
diences. Privacy concerns are also a huge issue. Marketers use geo-location 
technology to target kids with promotions. A child’s purchasing habits will be 
registered and personal data collected. Location-based technology raises several 
critical questions and concerns: 

• Should mobile geolocation data, persistent IP addresses and other identifying 
information be protected for children under age 13 — in the same way that 
name, age, gender, and address information are protected today? 

( Clearly . And there should he protections for 13 to 17 year olds as well.) 

• Do teens understand how their personally identifying information will be 
used, and do they need additional protections? 

( Obviously not, so the privacy of teens must be protected by clear legislation.) 

• Will this identifying information be used to target kids and teens with new 
behavioral advertising and marketing campaigns? 

(Sure, unless Congress forbids this practice, as it should. ) 

There are several additional key principles I’d like to highlight briefly from our 
recent policy brief, “Protecting Our Kids’ Privacy in a Digital World” — which should 
be essential elements of new privacy legislation from Congress this year. 

1. The Industry Standard for All Privacy Should Be Opt In — Especially for Kids and 

Teens 

Companies and operators must make significant changes in the ways that they 
collect and use personal information. The industry standard should always be “opt 
in” — companies and operators should not collect or use personal information unless 
users give explicit prior approval. 

The opt-in standard is fundamental to our ability to control our personal informa- 
tion. If online companies, services, and applications want to collect and use personal 
information, they should get permission beforehand by asking people to opt in to 
the service. And for kids and teens under 16, this means getting their parental per- 
mission up front. 

Far too many online and mobile companies launch new services — including 
geolocation-based applications — and enroll users automatically, giving them the op- 
portunity to opt out afterward. This can mean that kids’ personal information is col- 
lected and used before the kids or their parents even understand how the service 
works. All online companies, services, and third-party application providers should 
follow an industry standard of obtaining a clear opt in, especially for kids. 

2. Privacy Policies Should Be Clear and Transparent 

Privacy policies must be easy for all users to find and understand and should be 
carefully monitored and enforced. Instead of lengthy legal documents, companies 
should use icons and symbols that would clearly and simply convey how — and why — 
users’ personal information will be used. We need clear, succinct language for pri- 
vacy policies, especially for kids. 

3. The Eraser Button — Parents and Kids Should Be Able to Easily Delete Online 

Information 

Children and teenagers should have the opportunity to delete any and all infor- 
mation they have provided about themselves. Too often we hear about young people 
who post information they later regret and find they can never fully delete from the 
online world. Children and teens post personal information on websites, virtual 
worlds, social networking sites, and many other platforms. Children also make 
many mistakes when it comes to their privacy. They should be protected from per- 
manent damage. 

Online and mobile companies should be required to develop tools that make it 
easier for young people — or their parents — to completely opt out and delete this in- 
formation. Technological innovation in the online industry over the past decade has 
been truly amazing; the industry should apply that same spirit of innovation to cre- 
ating tools like “eraser buttons” so that no 15-year-old has to live the rest of his 
or her life with the consequences of a poor decision about what to post online. Con- 
gress should require this, and my talented colleagues on this panel should spend 
some of their companies’ profits to make this a reality. 
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4. We Must Vastly Increase Education and Information About Online Privacy 

Rids and parents need to do their part to protect their online privacy — and the 
privacy of their friends. A large-scale, multi-year public education campaign will 
help them learn how to do so effectively. Industry leaders could play a significant 
role in that campaign, and should be required to finance it. 

The online and mobile world is changing so rapidly that children, teachers, and 
parents all need to be educated about their online privacy rights and needs. Every 
school in the country should offer a digital literacy and citizenship curriculum, with 
privacy as an essential component, and this should be funded by industry profits. 

Educating and informing consumers is a core element of Common Sense Media’s 
work. We provide parents and families with reviews of media content, so that they 
can make informed choices and find media that is appropriate for their children. 
Recognizing the growing use of mobile devices and mobile apps by kids, Common 
Sense began reviewing mobile apps last year, and our site now features more than 
1,000 reviews of apps for kids. In many cases, our editors and reviewers recommend 
these apps for kids — but when the apps use geolocation technology to broadcast the 
user’s physical location, like “Loopt Mix — Chat!”, our reviews make clear that we 
don’t recommend them for kids, or at least not until they are older teens. But today, 
there are no required app ratings, and not a single mobile company has taken this 
issue seriously. Congress should require them to change that reality today. 

Balancing Opportunities and Potential Pitfalls 

At Common Sense, we recognize that mobile devices and geolocation services can 
create new opportunities — for learning, exploration, communication, and com- 
merce — for kids and adults. Yet they can also bring enormous threats to our privacy 
and personal well-being. But whether their impact is positive or negative, mobile 
phones and devices are not going away. As parents, teachers, industry leaders, and 
policymakers, we must all take steps to ensure that kids can access the benefits of 
mobile technology and digital media, while protecting them from potential negative 
consequences. 

Whether our first concern is protecting the best interests of kids and teens, or pre- 
serving and expanding a marketplace for all consumers so that tech companies can 
make profits and innovate, we all have a role in building a mobile environment that 
is trustworthy and safe. The extraordinary technological changes and new mobile 
and social media platforms that have developed in recent years have created en- 
tirely new environments for children and teens, with unprecedented and extraor- 
dinary implications for their privacy. It is time to update our Nation’s privacy poli- 
cies for the 21st century. They are terribly out of date. Everyone needs to be a part 
of this new effort: industry, families, schools, policymakers, and young people them- 
selves. But most of all, this Senate and this Congress need to pass fundamental pri- 
vacy protections for kids and teens — and their families — now. 

Thank you very much. 

Senator Pryor. Thank you very much. 

And again, we are going to do 5-minute rounds here on the ques- 
tions. 

I would like to start with you, if I can, Mr. Reed? And I want 
to ask about the Wall Street Journal article. I think you referred 
to it, or someone did, a few moments ago about the smartphone 
apps transmitting information. 

And we have a little chart that shows some of the companies. I 
think maybe it is the — if I am not mistaken, it is their top 12 or 
something like that, that they listed in the article. 

And Mr. Reed, how do you propose notifying consumers in a bet- 
ter, more meaningful way so that they are not surprised to learn 
that their information is being sent to folks or that they are being 
tracked? 

Mr. Reed. Well — oh, sorry — first of all, I think it is a great thing 
to look at in terms of informing the consumer. One of the best 
things about the Wall Street Journal articles is that they help do 
an education job that we in the industry — remember, most of my 
members are 3, 10 people — have had a hard time doing it our- 
selves. 
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So we benefited from that right off the front end. We were able 
to tell consumers, “Hey, this is part of what we are doing, and the 
privacy policies that we have in place are there.” 

Now we face two problems as an industry that have been talked 
about a lot. The 2-inch screen problem — how do I write a privacy 
policy that holds up to fine lawyers, like yourselves and others, 
that is simple and easy to understand and can be displayed in a 
2-inch screen? So that is one hurdle that we as an industry are fac- 
ing. 

My members want to deliver the clearest, simplest privacy policy. 
But when they go to a lawyer to have it checked, many come back 
and say, “Well, you need this proviso.” 

The second part of this has to do with the constantly changing 
world that we face in terms of business models. We started out this 
whole apps world only 3 years ago. At the time, we had an app 
store at Apple, which you sold directly, you got paid for. We didn’t 
have advertising at all. Recently, we added in-app purchasing. 

So having a private policy that not only reflects the business 
model today, but encompasses the business model tomorrow, the 
changes that Apple can make at any time to their privacy policy — 
or that Facebook can make or that Google can make — are all part 
of the problems we are having in trying to address it. 

So what we have done with our working group is we have not 
only brought in regular developers who use ads, but we have been 
focusing on developers who actually do multiple business models. 
And we have brought in ACT member Privo, which is one of the 
four recognized FTC safe harbors for COPPA, to help us create 
guidelines that can actually address the important questions that 
were raised earlier about children. 

Senator Pryor. OK, great. I think that we need to follow up on 
that a little bit more. 

But first, Mr. Davidson, let me ask you. You talked about when 
you opened your Android phone and that screen came up, and if 
you wanted to, you could check “no” for the tracking for the — what 
do you call it — geolocation? 

Mr. Davidson. Right. Our location services, yes. 

Senator Pryor. And that’s great. But what happens if then you 
start using the phone and you start adding apps that do require 
that geolocation? What happens then? 

Mr. Davidson. It is a great question, and I think it is a very im- 
portant question. So the way we have addressed that is when you 
try to install an application that wants to use location services — 
Foursquare or something, you know — you get a notice before the 
application is installed that says, “This application wants to use 
your location information. Is that OK?” 

And you actually have to accept that before installing the appli- 
cation, so — and we give notice about other kinds of information 
that the application might want. We do it very simply. It is usually 
not more than a screen. Maybe sometimes you have to scroll down 
a little bit, but it is not a multi-screen thing. We have worked very 
hard to make it very simple. And the key is — this is, I think, what 
we were talking about at the last panel — timely notice and a choice 
for consumers. 

Senator Pryor. OK. 
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Ms. Shenkan, let me ask you — you mentioned your five principles 
that you like. When I hear Mr. Davidson talk and others talk, I 
also know that there are, you know, very legitimate reasons why 
parents may want to track their own children. You know, they may 
want to know where they are. Would your five principles allow par- 
ents to do that? 

Ms. Shenkan. That is a good question. We haven’t contemplated 
it. I guess the best answer probably is we should get back to you 
on that. Of course, it would depend on the age of the child. 

Senator Pryor. Right. Well, as a parent of two teenagers 

[Laughter.] 

Senator Pryor. — let me say that there is a parental interest in 
this. 

[Laughter.] 

Senator Pryor. You know, it just — it could be a good thing, de- 
pending on the family. But anyway, yes, I hope you will think 
about that as you go through. Because when I heard your five that 
you laid out, they seem kind of ironclad, and I am not sure you had 
enough leeway in what you were doing to think about that. But 
anyway, if you could consider that, I would appreciate it. 

Ms. Shenkan. Yes. Yes, thank you. 

Senator Pryor. And let me ask you, Ms. Novelli, before I turn 
it over to other colleagues on the Committee here, you talk about 
your privacy policy. All that sounds great. But can you tell — can 
Apple tell how many people actually read it? 

Ms. Novelli. Well, they have to say that they agree. 

Senator Pryor. Right. 

Ms. Novelli. We can’t know for sure if they have read it. We try 
to make it in plain English and very short, but we can’t tell if you 
have — we can’t watch someone reading it. 

Senator Pryor. Well, but can you tell how long they are on those 
screens? Do you have any way of knowing that? 

Ms. Novelli. I don’t know whether we can or can’t, sir, so I will 
have to get back to you on that. 

Senator Pryor. Just my guess is, for a lot of folks, it is just too 
much information, and they just kind of agree without really un- 
derstanding what they are agreeing to. But that is another matter 
that we can discuss. 

Senator Rockefeller? 

Senator Rockefeller. Thank you, Mr. Chairman. 

Bret Taylor, this would be to you. Under Facebook’s terms and 
conditions, a user must be 13 or older to have an account on your 
website. Despite this, according to a recent Consumer’s Report 
study, an estimated 7.5 million users were younger than 13. More- 
over, the Facebook app in the Apple App Store is rated for age 4 
and above. 

Now my question to you is, I understand it is Facebook’s policy 
not to allow children under 13 to have an account. But the descrip- 
tion of the Facebook app and the Apple store rates the app as ap- 
propriate for age 4 and older. How is that consistent with your poli- 
cies, and who determines the rating for Facebook’s app? 

Mr. Taylor. Senator, thank you. 

That is a very good question and actually news to me. So my — 
first of all, we don’t allow people to have accounts under the age 
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of 13. If I had to guess, my guess is that because the Facebook ap- 
plication doesn’t, in and of itself, contain mature content, that is 
what the rating reflects. But I think we can follow up with your 
office about why that rating exists. 

And certainly, our iPhone application has the same rules and 
conditions governing it as our website, which means that no one 
under the age of 13 can create an account. 

Senator Rockefeller. And I appreciate that. But it doesn’t ap- 
pear to be the truth. You have 7.5 million under 13. This takes me 
back — and I won’t harp on it. But Facebook grew so fast. 
Zuckerberg gets that in Harvard. He is 20, 21 years old. He comes 
up with a big new idea. 

It is my general feeling that people who are 20, 21, 22 years old 
really don’t have any social values at this point. In his case, I think 
he was probably 

[Laughter.] 

Senator Rockefeller. No, I am serious. I think he was focused 
on how the business model would work. He wanted to make it big- 
ger and faster and better than anybody else ever had. And nothing 
I know suggests otherwise. 

So that you can’t just dismiss that 7.5 million users are younger 
than 13 and say that you have a policy that doesn’t allow that to 
happen. I asked Sheryl Sandberg. I am very worried about sui- 
cides, people stalking youngsters. They innocently put themselves 
on a blog and think it is just going to one person, and it goes to 
Indonesia and everywhere else, and you have 600 million people. 

And I asked her who signed up. And I asked her, well, how many 
employees does Facebook itself have? Now this was 2 or 3 months 
ago. She said 1,600 worldwide. I assume she is right. She is num- 
ber two in the company. So I assume she was right. 

And then I said, well, how many people do you have monitoring 
the box to see what is being said because I am, as are you, worried 
about what can happen to children — humiliation, bullying, preda- 
tors, all the rest of it. I think it is a huge subject. 

And I have town meetings all over West Virginia on this subject, 
not necessarily on Facebook, but just in general. Parents are terri- 
fied. They are terrified. And they don’t know what to do. School 
counselors don’t know how to handle it. You get a whole group in, 
and they are very worried about this. 

And she said we have 100 people who monitor these 600 million 
people, who, I assume, are doing a whole lot of blogging every day. 
And my reaction to that is that is just absolutely indefensible. It 
is unbelievable that you would say that. 

And she said, “we are going to do better in the future.” And I 
want you to defend your company here because I don’t know how 
you can. 

Mr. Taylor. Well, Senator, I just want to say we really emphati- 
cally agree with your points. And I just want to clarify a couple of 
issues. 

First, whenever we find out that someone has misrepresented 
their age on Facebook, we shut down their account. I am not sure 
of the methodology of the study you refer to, but I can tell you em- 
phatically that we don’t allow people to misrepresent their age. 
And there is a couple of interesting points here. 



80 


Senator Rockefeller. But when you say we don’t allow people 
to misrepresent their age 

Mr. Taylor. Yes. 

Senator Rockefeller. — you don’t, and you can’t. How can you 
do that? 

Mr. Taylor. Well, Senator, it is a very good question and some- 
thing we have thought a lot about. What we have found is the most 
scalable way, both in terms of age enforcement, but also the other 
issues you brought up around bullying and other protections of mi- 
nors on the site are baked into a system of enabling people to re- 
port problems on the site. 

I will talk about bullying first, because I think it is an important 
issue you brought up, and then talk about age protection. We 
have — under almost every single piece of content on the site, we 
have a link where individual users of the site can report inappro- 
priate content and report bullying. And originally, that would go 
into a special queue that our user support department would take 
and bring down the content almost immediately. 

We have also expanded that, though, with a program we call So- 
cial Reporting that enable people not only to report it to us, but ac- 
tually report it to parental and teacher authority figures who are 
also on Facebook. So if you are a minor on the site in high school, 
and you see an inappropriate picture, as I think was brought up 
in one of the open meeting testimonies, you can not only report to 
Facebook and have it removed, you can report it to a parent or a 
teacher who can actually deal with the underlying cause of why 
someone would post a picture like that and actually deal with it 
offline and deal with the underlying issues. 

We obviously — we actually have about 250 people working across 
safety, privacy, and security at Facebook. But in addition to that, 
we have mixed those with these self-reporting mechanisms because 
we find they are very accurate. 

Regarding age, that is 

Senator Rockefeller. You know what? My time is up, and I 
want to get a comment from Ms. Shenkan. 

Mr. Taylor. Thank you, Senator. 

Senator Rockefeller. Thank you. I apologize to you. 

Mr. Taylor. No problem. 

Ms. Shenkan. On the same question? 

Senator Rockefeller. Correct. 

Ms. Shenkan. You know, our view is, again, that not enough is 
being done. If we took a small amount of the time that any of these 
companies spend innovating products and started to think about 
how we protect our kids — and frankly, adults, but we are focused 
on kids — we think that would go a long way. 

I mean, these are the organizations that have created a platform 
which 600 million people across the globe use, companies that have 
mapped every street in America so that we can all — across the 
world so that we can all use. And instead of spending money to try 
and hire PR firms to try and take down the other company, let us 
take that money and spend it on figuring out technological ways 
that will protect our kids. It can’t be a hundred people sitting in 
a Facebook office, trying to monitor 600 million conversations. 

Senator Rockefeller. Thank you. 
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And thank you, Mr. Chairman. 

Senator Pryor. Thank you. 

Senator Klobuchar? 

Senator Klobuchar. Thank you very much, Mr. Chairman. 

We have been talking some about how we get privacy policies 
that are understandable and readable and yet a lawyer will draft. 
And I know that, Mr. Davidson, when you were asked at the Judi- 
ciary Committee about this, you were asked whether you would 
commit to requiring apps in your store have a clear, understand- 
able privacy policy. And you said you would take the question back 
to your leadership. 

Have you heard anything back on that, and will Google commit 
to requiring apps in your app store to have a clear, understandable 
privacy policy? 

Mr. Davidson. We think that apps should have a clear, under- 
standable privacy policy. I do not have an answer for you today 
about whether we will make it a requirement in our app store. We 
try to make our app store as open as possible for all the small busi- 
nesses who use it. 

I think those apps should have a privacy policy, and we are going 
to work to try to figure out how to enforce it. We do enforce things 
like COPPA on our app store. 

Senator Klobuchar. OK, thank you. 

And then, Ms. Novelli, you were asked by Senator Coburn — I am 
on Judiciary as well, so I was looking back at the transcripts — in 
a judiciary hearing, the one you had last week, that you were 
asked about testing apps. And you were saying how Apple tested 
an app and did random spot checks. So, presumably, you might 
spot any problems. 

And yet, The Wall Street Journal found that there were problems 
with some of the apps in terms of sharing location data without in- 
forming the user. How do those two things mesh? 

Ms. Novelli. Well, we do our best to check for all of our require- 
ments that are in our developer agreement. We do randomly audit. 
One of the requirements that we have is that you must get permis- 
sion from the — to share information. 

With respect to location, there is a requirement that if you want 
to use the location data of a consumer, you have to pop up a dia- 
logue box that is linked into our API that we designed that says 
we would like to use your location, allow or don’t allow. And I can’t 
comment on specific apps, but I believe that was not the particular 
question that was referred to. 

But when we find a problem or someone alerts us to it, we imme- 
diately investigate and work with the developer. They have 24 
hours to fix the problem or be removed from the store. What we 
have found is that developers have a great incentive to fix the 
problem. 

Senator Klobuchar. OK. 

And Mr. Reed, you have been working in the area of trying to 
put together a comprehensive set of guidelines for app developers 
that will follow clear policies, and I support that effort. I think it 
is good. 

But I look back and think that considering anyone with skills 
and a computer can build an app, do you believe that a self-regu- 
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latory approach to privacy will be enough to keep the bad actors 
out of the market? 

Mr. Reed. Well, I think there are two parts. I think that the self- 
regulatory approach is the way we have to start, but I don’t think 
it is truly self-regulatory. We heard earlier from the FTC. We think 
the FTC has and should strongly enforce Section V. 

And in fact, I know that — in this case, I won’t speak from the 
legal side of it, but we see deceptive and unfair should include or 
conceptually should include someone who misuses your data and 
just doesn’t have a privacy policy. I know that we heard earlier 
that the FTC is unsure about that. But I see no reason why if 
someone is misusing your data that doesn’t fall into the realm of 
an unfair and deceptive trade practice. 

So I would say we want to start with self-regulatory. We want 
to bolster our industry’s effort on that. And the second side of the — 
the stick side of that would be the FTC coming after folks who mis- 
use data and don’t have a privacy policy. 

Senator Klobuchar. OK. And then, Mr. Taylor, I know Senator 
Rockefeller was asking you about the number of kids who might be 
claiming they are 13. For kids, I don’t know, under 18, do you see 
a different way of trying to reach out to them to talk about the pri- 
vacy policies? And are you thinking about that in terms of making 
sure that they understand it that you might use a different ap- 
proach than with an adult? 

Mr. Taylor. Yes, it is a really good question and something we 
have thought a lot about. Fundamentally, we agree. I think most 
people in this room agree that minors, people under the age of 18, 
should have a different experience on Facebook because of the 
unique needs and privacy protections and security protections that 
a minor needs, and that makes its way into all aspects of our prod- 
uct, not just a legal privacy policy. 

So on Facebook, if you are a minor, you actually have a different 
experience. Your privacy setting defaults are different. When you 
share things, it goes to a more restricted audience. 

When you report problems on the site, our user operations re- 
spond differently if it is a minor. And it really makes its way 
throughout our product. And that applies especially to privacy and 
security issues. 

Senator Klobuchar. OK. Thank you. 

And then, Ms. Shenkan, last follow up with some of Senator 
McCaskill’s point, not all data sharing is bad. And in fact, much 
of it can be beneficial to both the consumer and third parties. 

So the question is where you draw that line. And more targeted 
advertisements can be more relevant and helpful to the users. 
However, as you know, there is this line between sharing data and 
tracking. And where do you see the line, and what common prac- 
tices do you think cross it? 

Ms. Shenkan. Thank you for the question, Senator. 

If behavioral targeting or advertising is so useful to consumers, 
they have should have the ability to say “opt-in.” So if I happen to 
be on Facebook and I am writing to a friend or posting on my wall 
about wanting to go see Elvis Costello, and I say, you know, that 
it is fine to track and monitor my conversations and advertise to 
me on that, and I get an ad, then that was my choice. And I obvi- 
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ously saw the value of providing my information to get something 
back. 

Also I think that — just if I can — I thought that Senator Kerry 
made a really fundamental point in his statement when he said 
that he rejected the notion that there is a choice, fundamental 
choice that needs to be made between innovation and protecting 
privacy. We couldn’t agree more. That is a false choice. 

The entire — the Internet economy in the U.S. alone will be close 
to $200 billion in e-commerce. Most of that was not created by har- 
vesting private data and using it to behavioral target people. 

In fact, one of the beautiful things about search engine adver- 
tising is that customers are opting in every time they go onto a 
search engine. They are putting up their hand, and they are say- 
ing, “I am in market for a new car or truck, so please advertise to 
me.” 

And that is OK, and it can work that way. And $15 billion a year 
are spent by advertisers in that part of the economy, and that is 
fantastic. And that is an example of where privacy is protected and 
innovation has happened. 

Senator Klobuchar. OK. Well, if any of you all want to respond, 
I think I am out of time, but we can talk about it later. 

Ms. Shenkan. Thank you. 

Senator Klobuchar. OK. Thank you. 

Senator Pryor. Thank you. 

Senator Blunt? 

Senator Blunt. Thank you, Chairman. 

Mr. Taylor and Mr. Davidson, I am going to ask you in a 
minute if there is any example you have of a problem that the com- 
pany self-corrected. You know, one of the things I hear is when 
there are problems that usually the company moves forward and 
self-corrects them before anybody else even knows they are a prob- 
lem. And a couple of examples of that would be helpful, if you have 
them. 

Ms. Novelli, do you — does Apple track the location of my iPhone? 

Ms. Novelli. No, sir. We do not track the location of your 
iPhone 

Senator Blunt. Don’t track the location? 

Ms. Novelli. We do not, sir. 

Senator Blunt. And is it — are you — is it logging in right now? 
It is on. Is it logging in, or are you — is there some log-in system 
that you look at for my iPhone? 

Ms. Novelli. No, sir. Apple does not look at a log-in system for 
your iPhone. 

Senator Blunt. So what do you do? How does it work that I 
might get some advertisement for something? 

Ms. Novelli. An advertisement on an app? 

Senator Blunt. I will be solicited on an — well, on an app or 
through my mail account or whatever. 

Ms. Novelli. Well, sir, there are no advertisements on the mail 
account that is on your iPhone. You could get an advertisement. 
There is a Web browser on your iPhone that is just like if you used 
your computer, our Safari Web browser. And that works the same 
as it would as if you were working from a computer. So that if you 
are logged onto a website 
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Senator Blunt. But I would have to be doing — on something for 
that happen you are telling me? 

Ms. Novelli. Correct. That is correct, sir. 

Senator Blunt. What is crowd-sourced — what is a crowd-sourced 
database? 

Ms. Novelli. That is a — essentially what it is, sir, is a map of 
the locations, the geolocations of cell towers and Wi-Fi hotspots 
that we derive from information that is anonymously sent to us 
from people’s phones, from iPhones. So the phone, when it goes by 
a location, will send saying, “There is a Wi-Fi hotspot here. There 
is a cell tower there.” There is nothing that connects it to an indi- 
vidual or the individual’s phone. 

And we are using that map to help people later on when they 
want to know where they are. And it is a simple process of being 
able to know where you are relative to fixed points, just like a reg- 
ular map works. 

Senator Blunt. OK. Mr. Davidson, back to my other question. 
Did you think of an example of something that could have been a 
problem that you all just went in and self-corrected? 

Mr. Davidson. I think we are constantly innovating. I don’t 
know if it is always about fixing problems. But I will give you a 
couple of examples. We take the comments from Ms. Shenkan very 
much to heart about trying to do more to protect children. 

So, for example, relative recently, we just launched a PIN lock- 
out feature on Android so that parents could control — could make 
sure that — or anybody could make sure that their phone isn’t 
downloading apps without a PIN. We have expanded our Safe 
Search program, which is a project to enable people to set controls 
on search results to make sure that they are child friendly. 

We have just added a flagging mechanism in Android so people 
can flag bad apps. This is similar to what Mr. Taylor was talking 
about. These are all things we have done. I think they have all 
been improved in the last 6 months. 

Now I would say, you know, some of them are really about trying 
to make sure that we are doing more and always doing better to 
protect children. There have probably been other things that we 
have done that we are constantly trying to correct. 

Senator Blunt. Mr. Taylor? 

Mr. Taylor. Yes. It is a very good question, and I think, to Mr. 
Davidson’s point, in the industry we are constantly working to im- 
prove the security and safety of our products because it is the basis 
by which people choose to use them. And if they lose trust in a 
service like Facebook, they will stop using it. 

I think a very timely example is actually this Friday, we will be 
announcing, in partnership with Microsoft and the National Center 
for Missing & Exploited Children, we are going to be deploying a 
photo technology that Microsoft Research developed to identify, 
using relatively sophisticated fingerprinting technology, pictures of 
missing and exploited children, both to prevent child exploitation 
on Facebook and help people find missing children. 

And that is something we did proactively and in partnership 
with these two organizations because we care deeply about all 
these problems, just as all of you do. 
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Senator Blunt. Ms. Shenkan, you mentioned something. I just 
want a little clarification. We need to protect kids from permanent 
damage. I assume that meant if they had put something out there 
for people to see. 

How do you do that if people have already seen it and somebody 
has already captured that? Assuming that kids have access to this 
way to communicate, how do you protect them from permanent 
damage if they have made a decision to put something out there 
that is damaging? 

Ms. Shenkan. The issue — thank you for the question. 

The issue is that the information is not only public when some- 
body puts it up, which is hard to control, but it is that it is per- 
sistent. It is very hard to take the information down. We have 
talked about in one of our privacy briefings the concept of an eraser 
button, where it would be very easy for somebody who realized that 
they put up something that they didn’t want up there, that they 
could then take it down. 

Senator Blunt. But once you put it up there, can’t somebody else 
capture it, and then they have it? 

Ms. Shenkan. Yes, and that is the problem. I mean, again, you 
know 

Senator Blunt. But I mean, that is the problem of putting it up 
there is somebody else can capture it. And then they have it, and 
they can share it. Is that — am I wrong on this? 

Ms. Shenkan. Yes — no, that is the problem. 

Senator Blunt. Yes. I don’t know how you — how you stop perma- 
nent damage if somebody does something that is damaging, unless 
it just happens that nobody sees it and nobody else decides they 
want to use it. The problem here is access. 

It is very scary. Any of us who have children or grandchildren, 
it is very scary to think of what somebody might do. But I am not 
sure we can actually ever come up with a fence that is high enough 
or big enough to stop that from happening. And you know, it does 
have that terrifying long-term problem. But if people have access 
and they put information out there, it is out there. 

Ms. Shenkan. Yes. Well, and there is an industry blossoming 
that you can pay companies to go spend time every month taking 
down information that is posted about you online. So people are fig- 
uring out ways to do it. 

What we would like to see happen is the companies in this room 
and elsewhere figure out how to make that much, much easier. 

Senator Blunt. Mr. Davidson? Then my time is up. 

Mr. Davidson. I would just add, and I know this isn’t the most 
attractive solution, but a huge part of this is about education. And 
I have young children. I would just say I think — you know, there 
is a recent report from the National Academy talked about some 
of these problems and said, you know, you could try to build a 
fence around every swimming pool, or you can teach children how 
to swim. 

And I think what we really need to work on is how to teach chil- 
dren how to be literate in this new world. And that is a very, very 
big project. 

Senator Blunt. Thank you, Chairman. I am sorry I went over. 

Senator Pryor. Thank you. 
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Senator McCaskill? 

Senator McCaskill. Thank you. 

I got a Tweet from my last round of questions I want to address. 
I didn’t mean to sound flippant about HIPAA. I don’t know if “AM 
Privacy” is in the room. But if you are, what I was trying to say 
about HIPAA was that the bottom line is that we had some unin- 
tended consequences and some costs that came with HIPAA. 

That 2-inch screen you talked about? We clearly didn’t get that 
down on HIPAA because most people who are going to the doctor’s 
office are not reading the long thing that they have to read, and 
they sign. And I bet most people in this room would admit if they 
go to the doctor, they are not reading the whole long thing they 
sign on HIPAA, and you have to sign one or two or three of them 
every time you go, which adds administrative costs in. 

And there were some unintended consequences in terms of find- 
ing people that might have similar very — some of the diseases that 
are very unique and rare, trying to find people for research pur- 
poses. HIPAA has stood in the way of some things that were a 
problem. 

That doesn’t mean we shouldn’t work on privacy. I am just being 
cautionary that we want to be very careful as we move forward on 
privacy because so much of the success we have had in this space 
in our country in the Internet and in the advance of technology has 
been remarkable. And I want to make sure that we don’t have un- 
intended consequences. So whoever “AM Privacy” is, I am glad that 
I could clear that up before I ask my questions. 

I want to make sure that everybody understands how easy this 
is in terms of turning off things. I mean, not only do I have the 
ability to make sure that I don’t have any location services on here. 
I can even go down, and you tell me every single app that is using 
location services, and I can individually go to each one and turn 
each one off. 

The other thing that you do is that you tell me if anybody has 
used my location in the last 24 hours. There is a little logo that 
pops up, and so I tried it while the others were questioning. I went 
on Kayak, checked out a flight, and now there is a little arrow 
there that tells me Kayak used my current location as I was look- 
ing for flight. 

Now all I have got to do is just flip that switch, and Kayak — I 
am telling Kayak it is none of their business where I am. Very sim- 
ple, very easy to find, right on the page. 

So now, here is the thing I wanted to ask Ms. Novelli and Mr. 
Reed. I am a little confused why “Cut the Rope” is on that list. I 
am a little confused why “Paper Toss” is on the list. 

And it seems to me if we are talking about just games — I mean, 
“Paper Toss” is a game where you try to get a — it was one of the 
ones listed in the Wall Street Journal article. All you do — there is 
nothing in that app that has anything to do with location, other 
than the fact that you are trying to get a piece of paper into a trash 
can. And it is just a game. Same thing with “Cut the Rope.” 

So it seems to me if it is very obvious by the app that there is 
no need for any location, that that could be where the industry 
could focus on making sure that people understood the con- 
sequences. Clearly, the only reason “Cut the Rope” or “Toss the 
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Paper” is tracking my location is to try to sell to other people 
where I am going and what I am doing because there is no applica- 
bility to the game that is involved. 

So it seems to me if you could focus there first, in terms of mak- 
ing sure privacy is very obvious. And when I go on “Cut the Rope” 
site, which I just tried, and “Toss the Paper,” I don’t see anything 
on there that tells me anything about what they are doing as it re- 
lated to tracking me. So could Ms. Novelli and Mr. Reed respond 
to that? 

Mr. Reed. Well, first things first. You raised a good question, 
and I would say that I often on games like that, I say “no.” When 
it asks me, “Can I share your location?” I just turn it off. 

The reality is, is that for some of us who are building applica- 
tions that are ad-driven, the third-party ad networks will ask us 
for information so that they can provide a higher-quality ad. One 
of the things — and then that location information is part of it. 

It is interesting to see that there are actually some interesting 
kind of small-town benefits that we have seen. I will use “Red 
Laser” because it is a slightly different one. I can hit a — I can hit 
a SKU. It will tell me the product. It will show me the Amazon 
price. But right below that, it will tell me Tom’s hardware store 
has that same product. It is $3 more, but guess what? It is right 
across the street. 

Now Tom didn’t have to buy an ad from a major supplier. He 
could actually target it just to that zip code. So there are some ben- 
efits to that kind of ad marketing. 

But I would also say that you illustrated the first point most 
readily, which is you want to use “Paper Toss,” and you don’t want 
to use the — and you don’t want to see the ads that are targeted, 
turn off location-based services. And I think that is something that 
we, as an industry, understand and expect some consumers to do. 

We have to figure out how we still make money — make money 
from the ad networks because they control our — they control our 
income from that. And so, we have to find an agreement with 
them, rather than us as the tail wagging the dog, where they agree 
to the terms that you have suggested. 

Senator McCaskill. Couldn’t — Ms. Novelli, couldn’t you all — and 
I know Apple is loathe to do anything to stop the amazing flow of 
applications that are making your products so desirable, and I get 
that. But it seems to me on some of these apps that if I had a 
choice, you can either get it for free and see some ads, or you can 
pay $2.99 and be ad free and track free. 

I mean, it seems to me that is a simple consumer choice that 
could get — that the industry could do, both Google and Apple, if the 
two of you did it, and Facebook, to the extent that it would apply 
to you. 

But I think that would go a long way toward consumers begin- 
ning to understand, first of all, that when they are being tracked, 
it helps pay for things, and that is why they get so much free. And 
it would begin to drive home, there is nothing better than driving 
home the point of what they are getting for free and how than to 
give them that simple choice. 

Has there been discussion about that? And why haven’t you 
moved toward that kind of model? 
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Ms. Novelli. Well, first of all, Senator McCaskill, there are apps 
on the App Store — and my husband, in fact, has downloaded a cou- 
ple of them — where you have that choice. Either it is free and you 
have to submit to advertising, or you have to pay. And so, there 
are apps on the App Store like that now. 

In terms of the pricing, though, we have the developers set the 
pricing. We have not really gotten into trying to set prices of apps. 

Senator McCaskill. No, I don’t want you to. I just want you to 
maybe say 

Ms. Novelli. Right. 

Senator McCaskill. — that people should have the choice as to 
whether or not they want to pay or whether they want to — they 
want the ads. 

Ms. Novelli. And developers have been making that choice, and 
there are those choices on the App Store now. And I don’t know if 
Mr. Reed wants to comment? 

Mr. Reed. If I could indulge for 1 second, what you described is 
exactly what we are doing. And we appreciate that Apple and now 
Amazon and Google and others are doing in-app purchasing. But 
remember that that is exactly the model we are using. We are say- 
ing on the store right now I have an app in the “Paid For”, and 
then I have one that says “Free” next to it or “Lite.” You make a 
choice which one you want. 

Here is an interesting number, though. And we may even sub- 
divide it and say we will do in-app purchases, so you can turn off 
ads after you have bought the free version. 

Senator McCaskill. I know, I know. 

Mr. Reed. Yes, so 

Senator McCaskill. And I get — and I don’t want to cut you off, 
but my time is over. 

Mr. Reed. Sorry. 

Senator McCaskill. But the bottom line is it is not clear. I get 
“Lite,” I get “Free,” and I get “Paid,” but I don’t really understand 
when I am making that decision that it also might involve track- 
ing. And that is what I am saying. 

I think that might be something you all could do as an industry 
that might forestall some unintended consequences by aggressive 
government regulations. 

Mr. Reed. Thank you. 

Senator McCaskill [presiding]. Thank you all very much. 

And the next questioner would be — it says Senator Udall. 

STATEMENT OF HON. TOM UDALL, 

U.S. SENATOR FROM NEW MEXICO 

Senator Udall. Thank you, Claire. 

Senator McCaskill. I am following the list I was given by the 
Chairman. 

Senator Udall. No, no, no, that is great. Thank you very much. 

And I know the Chairman isn’t here, but I really appreciate him 
holding this hearing and all of you responding to the questions of 
the panel. 

As you can see by the questions, there is no doubt that there is 
a lot of concern in terms of privacy, in terms of protecting minors 
and those kinds of things. And I really look forward to your supple- 
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mental answers that some of you are going to give because I think 
those are some of the key questions that are out there. 

And I think from this subcommittee’s perspective, we are going 
to continue to ask these questions and continue to do oversight. 
And so, I think you should expect that. 

Recently, I joined Senators Reid and Schumer and Lautenberg in 
asking Research in Motion, RIMM; Google; and Apple to stop sell- 
ing dangerous apps that enable drunk drivers to evade law enforce- 
ment. In 2009, drunk drivers killed nearly 10,000 people nation- 
wide, including 141 in New Mexico. 

Apps like DUI Dodger, Buzzed, Checkpointer, and Phantom Alert 
provide drunk drivers with the precise location of DWI checkpoints 
as they drive. This is in while they are driving around. Some apps 
even offer audio alerts warning drunk drivers as they approach po- 
lice checkpoints. 

While I agree that public notification of checkpoints on the news 
or in the paper can serve as a deterrent to prevent individuals from 
making the decision to drive drunk, providing real-time accessi- 
bility tailored to a driver’s location only serves to provide drunk 
drivers with the tools to more effectively break the law and endan- 
ger others at a time when their decisionmaking capabilities are al- 
ready impaired. 

And I am very pleased that RIMM did the right thing and imme- 
diately pulled these apps from the BlackBerry app store. Why are 
Apple and Google still selling DWI apps that encourage breaking 
the law? 

And that question, I think, would be directed most to Ms. Novelli 
and Mr. Davidson. 

Ms. Novelli. Well, Senator, when we received your letter, the 
first thing we did is start to look into this and tried to research the 
whole situation because Apple abhors drunk driving and doesn’t 
want to, in any way, be encouraging it. 

What we found when we looked into it is that there were some 
differences of opinion among reasonable people about whether pub- 
licizing, as you note, checkpoints deters or helps drunk driving and 
that, in fact, some of the information is actually made public by the 
police forces themselves and is on the Internet. 

We are continuing to look at this issue. We will continue to talk 
with you and your staff as we continue to evaluate it. We do not 
want to be enabling or supporting drunk driving in any way. 

Mr. Davidson. I guess I would echo that sentiment. We certainly 
appreciate the seriousness of the issue that has been raised. We do 
remove applications from the Android marketplace that violate our 
content policies. 

But apps that — after an initial review, apps — we determined that 
apps that merely share information of this sort don’t violate those 
policies at this time. And so, we are evaluating this. We have been 
talking to your staff. We have appreciated the chance to continue 
to do that, and we are taking a very serious look at it. 

Senator Udall. Now, as far as Apple’s stated policy, you don’t — 
you have a policy that you don’t encourage with your apps people 
to break the law. Is that correct? 

Ms. Novelli. Yes, sir. 
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Senator Udall. And isn’t exactly what is happening here is — I 
mean, you can imagine. You have had our letter now for 2 months. 

And you can imagine a person that is drunk — DUI, DWI — driv- 
ing down the road and they have this — one of these apps turned 
on, and it issues an alert, tells them there is a checkpoint ahead. 
Then they can use their device to then find a way around the 
checkpoint. It seems to me that kind of application is encouraging 
breaking the law. 

Ms. Novelli. Well, we are reviewing, as I said, sir 

Senator Udall: Well, you have had 2 months. How long are you 
going to review it? 

Ms. Novelli. Well, we will be working with you on this. We are 
reviewing it. There are some of the apps, for example, that have — 
a cab number for you to call a cab, alert you that there are, you 
know, there are checkpoints, and here is a phone number for you 
to call a taxi. 

So I think they are not ubiquitous, all of these apps. And as I 
said, some of the information is made public by the police them- 
selves. So I think reasonable people have different points of view 
about how to go about this, and we are trying to do this in the most 
thoughtful and responsible manner. 

Senator Udall. No, and I understand that. But I hope that you 
all understand the difference between the police department, the 
state police, county police, sheriffs, whatever, issuing a broad, gen- 
eral thing that, on Friday night, we are — or Saturday night, we are 
going to have a checkpoint out there at various points in town. 

That serves a deterrent, I think, for people to know. Even 
though, you know, there is a 2 percent chance of catching drunk 
drivers. So all of us that are out on the highways, 2 percent chance 
of catching, you utilizing — somebody utilizing these apps, it makes 
it even less likely. You know, may drop to 1 percent or half a per- 
cent or whatever it is. 

But the important point is, is that here you have law enforce- 
ment issuing generalized bulletins. But what people do with your 
apps, and what they are able to do is specifically, in real time, de- 
termine there is a checkpoint and evade the checkpoint and pos- 
sibly afterwards get in an accident and have somebody killed. 

So I understand that you all are looking at it closely. But I think 
this is a crucial question for law enforcement. I mean, I have heard 
from local police department in Las Cruces. The attorneys general 
of New Mexico, Delaware, and Maryland have also signed onto this 
issue and are asking the same questions. And I think the more 
that this is out there, you are going to be getting these kind of 
questions. 

I am sorry, Mr. Chairman, for running over. But I very much ap- 
preciate — I said earlier, your effort at consumer protection and 
what you are doing in this area is greatly appreciated. 

Thank you. Thank you, and thanks to the witnesses being here 
today. 

Senator Pryor [presiding]. Senator Udall, you are asking impor- 
tant questions. Thank you. 

Senator Rubio? 



91 


STATEMENT OF HON. MARCO RUBIO, 

U.S. SENATOR FROM FLORIDA 

Senator Rubio. Thank you, Mr. Chairman. 

Thank you guys for being a part of this. This is very timely and 
interesting. 

Just to close the loop on the Apple portion of it, as an Apple user 
with a lot of Apple users in our family, I think one of the things 
that created all this frenzy — and I know the answers to this, but 
I wanted other people to hear it as well — is the two researchers 
that found that file on the iPhone and the iPad that appeared to 
contain the time-stamped record, and then they were able to go out 
and create an app that basically created that map, the whole thing 
that flared up in late April. 

And the company, I think, acknowledged that that was a glitch 
and has offered some updates to fix that. Are those updates avail- 
able already? 

Ms. Novelli. Yes, sir. Those updates have already been imple- 
mented for most of all of the questions. There was one question 
about encryption that is going to be implemented shortly. 

But I would say that, again, that there was no actual information 
on your phone about your actual location at any time. What was 
on your phone was essentially like a city map of Wi-Fi hotspots and 
data bases, not where you were on that map. 

Senator Rubio. Right. But the key to it was that the company’s 
position was that it wasn’t intentional. It wasn’t our design. It is 
a glitch that exists. 

For example, even if you had — even if the toggle switch had said 
no, it still was feeding the information, and it was storing it for 
longer periods of time. 

Ms. Novelli. Correct. 

Senator Rubio. So the company is now providing a single update, 
or is it multiple updates? 

Ms. Novelli. That update went out a couple of weeks ago, and 
it — there is no more 

Senator Rubio. Well, but 

Ms. Novelli. Which is working perfectly now, and it is not 
backed up. Your information is not backed up to a computer, and 
the encryption question is being addressed in our next update. 

Senator Rubio. So someone who has an iPhone or an iPad, that 
update is available. They still have to pull the update into their de- 
vice? 

Ms. Novelli. Yes. It is a free update. 

Senator Rubio. And what would they — just for people watching 
this — need to functionally do? 

Ms. Novelli. When they synch their phone, they will get a no- 
tice saying there is an update available. Do you want to install it? 
You say yes, and it just installs on your phone. 

Senator Rubio. So, basically, anyone out there who hasn’t up- 
dated their phone in the last 

Ms. Novelli. In the last 2 weeks. 

Senator Rubio. — should go and update their phones so that this 
information is all available for them. 

Ms. Novelli. Yes. 
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Senator Rubio. OK. The second question has to do with the rela- 
tionship with third parties. There is some confusion about that be- 
cause people go to the Apple App Store or the Android market or 
Facebook, wherever. When someone buys an application from an 
online store like that, both from the reality and from the legality 
perspective, who do they have that — who is their relationship with, 
their business relationship when they do that? 

Like if I go on and I get an application for my phone — and I 
think this question is for all of you, because I think Facebook does 
that as well — who do I, at that point, have the relationship with? 
Is it with you, the marketplace? Or is it the actual app vendor? 

Ms. Novelli. Well, just from our perspective, once you buy the 
app and you use it, your relationship is with the app developer at 
that point. The first-party relationship is with the app developer. 

Mr. Davidson. We would agree with that, and usually, for exam- 
ple, a lot of applications, there will be a terms of service you have 
to agree to when you first install it or something like that. And 
there is an agreement there. 

I think it is why users need to be careful about what applications 
they use and be thinking about that. It is also why we have tried 
to give people in our Android marketplace at least as much infor- 
mation as we can before you install the app because that is sort 
of when we lose the relationship. 

Senator Rubio. I think that point is critically important because 
a lot of people aren’t clear about that. And I know that anyone who 
sells an app goes through a general screening process. But ulti- 
mately, your business relationship is only as good as the company 
or whoever it is you are interacting that app with. And so, that is 
important. 

Here is my secondary question. If I have a problem with an 
app — let’s say I pull an app into my device, and then, all of a sud- 
den, I start having problems with them, any of these other issues 
that we are talking about. Let’s say I am able to deduce that there 
is a problem or I get suspicious. Is there a process in place where 
I can report them to you? What is that process? 

Mr. Davidson. So, in our case, we have installed a flagging 
mechanism so that users can flag applications for a variety of dif- 
ferent reasons. And there, you get a check — once you do it, you get 
a whole set of reasons why you might want to be flagging it, and 
that is going to a place for review. And that is the starting point 
for us. 

Senator Rubio. Is that the same for Apple? 

Ms. Novelli. We have an ability on our app store to contact us. 
And you can flag any concerns you have, and we investigate imme- 
diately. 

Senator Rubio. OK. My last question is for Facebook. It is about 
the geolocation data that is collected when people check in on the 
Places feature. Is this only collected at the time they check in? 

Mr. Taylor. Right now, the Places feature is designed so you can 
explicitly share your location with people that you choose at the 
time of sharing. And so, Places is not a feature about passively 
sharing your location. It is about actively sharing your location. 

Senator Rubio. But that happens when you — at that moment, 
when you check in, basically. It is an active — it is an act of the 
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Mr. Taylor. Yes, you actually click a button that says “check in,” 
and that information goes on your profile. 

Senator Rubio. And then how long do you guys keep that infor- 
mation? 

Mr. Taylor. That information that you shared, like “I am at this 
restaurant with some friends,” that is on your profile as long as 
you want it to be. And you can remove it from your profile at any 
time. 

Senator Rubio. But if the individual doesn’t remove it, it stays 
on there indefinitely? 

Mr. Taylor. Yes. It is because we consider it just like if you pub- 
lished a status update on Facebook. It is you made the decision to 
share where you were, and it is up to you who you want to share 
it with and if you want to delete it. And you can actually change 
both of those after the fact. 

Senator Rubio. Right. By the way, you are probably not shocked 
that some people lie about where they are on their updates. 

[Laughter.] 

Senator Rubio. I have seen that a few times. But, so people un- 
derstand, when they go on there and they log on, they say, “I am 
here,” — that is going to stay on there forever unless you actively go 
back and delete it yourself? 

Mr. Taylor. That is correct, and it is because, fundamentally, it 
is just like if you decide to share a status update or a photo, we 
consider that your information, not ours. And we consider it actu- 
ally sort of an imperative to actually keep that information because 
you have entrusted us to keep it on behalf of, you know, sharing 
it with your friends. 

Senator Rubio. Thank you, guys. I appreciate it. Thank you. 

Mr. Taylor. Thank you. 

Senator Pryor. Thank you. 

Senator Thune? 

STATEMENT OF HON. JOHN THUNE, 

U.S. SENATOR FROM SOUTH DAKOTA 

Senator Thune. Thank you, Mr. Chairman, and I want to thank 
all the panelists. 

We are all encouraged by the substantial growth and the wonder- 
ful technology we have today in the mobile marketplace. But it 
does, you know, obviously raise questions and concerns about how 
the developing industry is impacting consumer protection and pri- 
vacy. And so, having all these — access to all these things in the 
palm of your hand is a wonderful tool. 

And then there is a lot of competition to create the new, best, 
greatest thing, which is part of our entrepreneurial spirit in Amer- 
ica. But we want to make sure that when we do it, we do it in a 
way that does appropriately protect consumers online without sti- 
fling that innovation and growth. 

So I want to direct a question, if I might, to Mr. Davidson, and 
it has to do with this FTC recently alleged that Google had violated 
the FTC Act inappropriately — by inappropriately collecting Gmail 
user information to populate Google’s Buzz social network. Accord- 
ing to the FTC, Google’s action led to its Gmail users receiving con- 
tact with individuals whom they had serious concerns about. 
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Could you talk a little bit about how Google has responded to the 
FTC on that matter? 

Mr. Davidson. Absolutely. You know, as I said in my testimony, 
we hold ourselves to high standards on providing transparency and 
choice control to our users. And the situation that you allude to, 
where the launch of our Buzz product didn’t meet those standards 
was very confusing for our users. 

We think we have fixed it relatively quickly. In a matter of days, 
we had changed the product. But we had been in a longer con- 
versation with the FTC about it afterwards and then, relatively re- 
cently, entered into a consent decree with them. 

We have agreed to, for the next 20 years, put our money where 
our mouth is, and we have signed up for two major things here. 
One is really installing — instilling privacy by design, a process in 
our company for making sure that we are thinking about privacy 
from the earliest moments. And that is going to be something that 
is audited and assessed by an outside auditor and reported to the 
FTC every 2 years for the next 20 years. 

The second thing is that we have agreed that we are going to get 
affirmative consent from users for any new sharing of information. 
And those are two very powerful things, and I think those are the 
kinds of things we said we would do and had agreed to do, but now 
we have got a consent decree with the FTC to show our users that 
we are going to do it for the next 20 years. 

Senator Thune. Do you think that some of those particulars that 
you talked about might be considered a best practice for other com- 
panies to consider? 

Mr. Davidson. You know, I think that is something probably bet- 
ter addressed to other companies. I know that there are a lot of dif- 
ferent models out there. We think that this was the right thing for 
Google and for our users, and so we have adopted this agreement 
with the FTC. And I leave it to others to decide what is right for 
other companies. 

Senator Thune. OK. I am concerned that if companies agree to 
implement more restrictive privacy controls, that there are still in- 
dividuals who are going to try and hack into mobile devices and 
apps to collect user information for third-party users. It just seems 
that mobile devices and apps are far more susceptible to hackers 
and to those types of deceptive activities. 

And this is a question that any of you feel free to answer. Has 
the industry considered how they can make mobile devices and 
apps more secure, similar to how we, you know, protect our home 
computers with anti-virus software and firewalls, those sorts of 
things? And are we seeing any companies that specialize in secu- 
rity for mobile devices and apps? 

Mr. Reed? 

Mr. Reed. On the first part of the question, yes. As a matter fact, 
there is a company called Lookout that is building a product for the 
Android platform that provides security and malware detection for 
the Android platform. 

I mentioned the Android because it is a little different than 
Apple. Apple gives us as developers very little access to information 
of the device itself. They are very restrictive in what we in the de- 
veloper community can ask for in terms of information. 
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So we — it is a little — it is where you see a lot more in the space, 
in the Android space, where it is more of the wild, wild West, and 
where there is more of a tendency for people to do the kinds of mal- 
feasance that you are talking about. So Lookout is an example of 
a company that has come to the fore to address the problem that 
you have stated. 

Mr. Davidson. Yes, we would — so, first of all, I think there is a 
huge amount of energy being put into security. It is a great ques- 
tion. 

You won’t be surprised that I wouldn’t characterize it as the 
wild, wild West. 

[Laughter.] 

Mr. Davidson. I think, actually, our view is actually the open- 
ness of the platform and the fact that the code is open source is 
actually a major security feature because people around the world 
are able to look and assess the code and assess the system and the 
security architecture and test it all the time. And that means that 
we believe in — you don’t get security with secrets anymore. You get 
security with openness. 

The other thing is that there are a huge number of features, and 
we are among the people who are rolling these out, and they are 
being rolled out for the mobile platform, things like making sure 
that there is https encryption by default on major products like 
Google, like Gmail, and it is available on Search as well. 

We have added a two-factor authentication on another system to 
Gmail. That means that a password is not enough. You might actu- 
ally to have a device and a password, which I think for people who 
are really concerned about their mail products, this is really impor- 
tant. 

And there are a lot of other companies who are rolling these 
kinds of things out as well. So it is a very important area, and 
there is a huge amount of research going into it and work going 
into it. 

Senator Thune. Is there anything that Congress can do to help 
encourage greater protection when it comes to mobile devices and 
apps, or would you rather we stay out of it? 

[Laughter.] 

Mr. Davidson. Well, it is a rapidly evolving area, for sure. I 
think there has been discussion about data breach legislation. I 
think a lot of us, for example, would say that that is an area for 
consideration because there is such a patchwork of state laws. 

But I would just recognize there is a huge amount of 

Senator Thune: It is already happening. 

Mr. Davidson. It is a very dynamic environment right now. 

Senator Thune. OK. All right. Thank you, Mr. Chairman. 

Thank you all very much. 

Senator Pryor. Thank you. Thank you, Senator Thune, for being 
here and asking those great questions. 

I want to thank all of the panelists for being here today. I know 
that when you look at the pleasantness scale, sometimes coming 
before the Senate is way down here. But thank you for being here 
and thank you for testifying. 

And as much as we talked about today, we covered a lot of 
issues. I feel like we still are just kind of at the tip of the iceberg 
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here. There is just a lot more to know and to learn and for us to 
weigh through, and we certainly appreciate your all’s input and 
your help as we go through this. 

We are going to leave the record open for 2 weeks, and I am cer- 
tain that several will have additional questions and want to do 
some follow-ups. I know I have a few. But we will leave that open 
for 2 weeks, and we would really appreciate you all working with 
the staff and getting that back to us in a timely manner. 

Thank you for being here, and we will adjourn the hearing. 

Thank you. 

[Whereupon, at 12:29 p.m., the hearing was adjourned.] 



APPENDIX 


Prepared Statement of Hon. Kay Bailey Hutchinson, 

U.S. Senator from Texas 

Thank you, Mr. Chairman, for calling this hearing. Privacy is a very complex 
issue, and today’s witnesses will help the Committee continue its education on this 
important subject. 

This hearing will strengthen our understanding of the relationship between con- 
sumers and the many players that make up the mobile communications market- 
place, including how personal information is collected and used by mobile devices 
and services. 

It is important to ensure that we fully understand what the impact is on con- 
sumers who take advantage of mobile communications, and the relationship be- 
tween the utilization of consumer data and the provision of advanced, often free 
services. 

Mobile communication is a rapidly changing marketplace, where new technology 
is constantly advancing and overtaking previously groundbreaking technology. This 
is even truer in the mobile marketplace, where the last few years have seen an ex- 
plosion of highly evolved and increasingly capable products. 

For example, mobile apps really just surfaced in 2008, but as we will hear on our 
second panel, the number of available mobile apps will likely exceed 500,000 by the 
end of this year. 

Each of these apps had to be developed, and that development brings economic 
benefits to our economy and the creation of jobs. Now more than ever, we should 
be encouraging sectors of our economy that show this kind of promise for continued 
job creation. 

With these new technologies have come new and increased recognition of privacy 
concerns for consumers who use online products and services. 

Consumers are understandably wary of products that they may not fully under- 
stand, and of what companies do with the information about consumers that they 
gather. 

This concern has come to the forefront with several high-profile incidents involv- 
ing collection of consumer information. The attention those incidents received has 
served to raise public awareness that their information may be collected and used. 

This increased attention has also made many consumers more conscious about 
privacy policies and practices when utilizing new products and services. 

The marketplace appears to be responding to those concerns. Some companies 
have already started taking steps to improve privacy policies so they will no longer 
be merely screens of complicated information that a consumer quickly clicks through 
to get to the next screen, or to the desired application. 

Many consumers are more aware of data collection activities and are looking for 
how a company treats their data. As a result, privacy policies and robust protection 
policies have become a selling point for many new technologies. 

It is a positive development that several industries are working to create self-reg- 
ulatory guidelines and best practices related to consumer privacy. 

In response to the FTC’s call in 2009, the Digital Advertising Alliance created 
self-regulatory principles governing the collection and use of information online. 

Also, a majority of Web browsers are implementing various methods to allow con- 
sumers to prevent their online activity from being tracked. 

In the mobile space, there are already privacy safeguard certifications available 
for mobile apps, and the app community is coming together to create its own set 
of privacy guidelines. 

This is how the market is supposed to work — a consumer concern was identified 
and industry is working to address that concern. 

While it is probably to early to determine if these market developments will work 
to fully meet consumer privacy needs, it is also too soon to assume that they won’t. 

( 97 ) 
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Another area of concern has been the impact that these new technologies have 
on children. As technology users become increasingly younger, we must be mindful 
of the special needs those users have and work to ensure their privacy is protected. 

I am interested to hear from the FTC today about its ongoing review of the Chil- 
dren’s Online Privacy Protection Act, and how that applies in the mobile space. It 
will also be helpful to hear from the companies on our second panel how they handle 
young customers, and what they do to ensure their privacy is protected. 

One of the most effective means of protecting children is ensuring parents are 
educated about what their kids are doing. That can be a challenge in the technology 
space, as many of todays’ kids know much more about mobile communications than 
their parents ever will. 

There is a real need to provide parents with information that they can trust, that 
is easy to understand, and that is easy to apply in monitoring their children’s activ- 
ity. 

I am interested to hear from all of our witnesses what they are each doing to pro- 
mote consumer education, specifically for parents. 

As legislators, we have an important role in shining light on and investigating im- 
portant issues to consumers. I believe we are appropriately filling that role in rela- 
tions to privacy, and commend the Chairman for his continued commitment to en- 
suring our Committee is educated about these issues. 

It will be important going forward that we continue to learn about this com- 
plicated topic so we can better understand how this complex system works, and 
what the potential ramifications of any new regulatory action would be. 

I want to thank all of our witnesses for being here today, and I look forward to 
a productive hearing. 


Response to Written Questions Submitted by Hon. John F. Kerry to 
David C. Vladeck 

Question 1. What is your general impression of the legislation on privacy that has 
been introduced in Congress thus far? 

Answer. Although the Commission has not taken a position on general privacy or 
Do Not Track legislation, legislation introduced to date, including the Commercial 
Privacy Bill of Rights, the Do Not Track Act of 2011, and the Do Not Track Kids 
Act of 2011, all represent significant progress in addressing important privacy con- 
cerns while ensuring continued robust development and growth of new services. I 
support the fundamental goals of each of these pieces of legislation, respectively, to 
improve transparency and consumer choice over information collection, use, and 
sharing practices, to provide transparency and consumer choice regarding tracking, 
and to provide privacy protections for children and teens. 

Question 2. Your answer to this question is important for helping us frame the 
debate and how you view it. For the record, when a company or organization collects 
someone’s information, do you believe that the information is at that point the col- 
lector’s or is the collector simply a steward of people’s information and that the peo- 
ple on whom information is collected should retain some rights and authority over 
that information? 

Answer. The courts have not spoken on the issue of who owns this data. But re- 
gardless of who legally owns the data, we believe it is in both consumers’ and 
business’s interest for companies to maintain privacy-protective practices. Maintain- 
ing privacy protection can help build consumer trust in the marketplace. To achieve 
this goal, companies should not collect data unless they have a legitimate business 
need to do so; safeguard the data they maintain, in order to keep it from falling 
into the wrong hands; and dispose of it once they no longer have a legitimate busi- 
ness need to keep up. In addition, they should provide consumers with simple ways 
to exercise choices about privacy and make sure that their information collection 
and use practices are transparent. 


Response to Written Questions Submitted by Hon. John F. Kerry to 

Bret Taylor 

Question 1. What is your general impression of the legislation on privacy that has 
been introduced in Congress thus far? 

Answer. At Facebook, we are constantly innovating to give people clear control 
over what they share and with whom. We believe that any legislative or regulatory 
proposal should protect both consumer privacy and the innovation of new products 
and services, which is essential to economic growth and job creation. 
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We are pleased, for example, that the Kerry-McCain legislation acknowledges that 
there is a difference between entities that have an established relationship with 
their users — a relationship that enables users to understand how their data is used 
and hold companies accountable for misuse — and those that may be gathering data 
without a consumer’s knowledge or consent. We do, however, have some remaining 
concerns — for instance, how the bill defines “sensitive information” in a social media 
context where people are proactively sharing information about themselves; how 
limitations on “third parties” could restrict innovation and growth in our vibrant de- 
veloper community; and how various provisions could impact important business 
partner relationships. We look forward to working with your office on these and 
other concerns to ensure that the bill encourages companies to advance users’ un- 
derstanding and control over their information while maintaining providers’ and de- 
velopers’ ability to innovate. 

There have also been a number of proposals in Congress that advocate a “do not 
track” feature. We have concerns about those proposals that focus on data collection 
limitations without regard to the nature of the business relationship and the in- 
tended uses of data. A properly crafted do-not-track proposal would focus on the 
data practices of entities that do not directly engage with users, and that thus are 
not accountable to them. 

In addition, it is essential that any do-not-track implementation specifically define 
what kind of “tracking” is prohibited. Some collection of information might be de- 
fined as “tracking” under a legislative proposal, but might not be a practice that 
users would intend to block by expressing a do-not-track preference. For example, 
a website may use historical login data that it has collected for account security pur- 
poses: if our systems detect login attempts from Belarus for a Facebook account that 
is usually accessed from an IP address in Washington, D.C., the “tracking” that 
alerts us to that situation allows us to activate safeguards intended to ensure that 
the individual accessing the account is in fact the account owner. That “tracking” 
isn’t problematic and shouldn’t be blocked by a user’s do-not-track preference; to the 
contrary, it’s necessary to our efforts to provide a safe and secure service. 

Question 2. Your answer to this question is important for helping us frame the 
debate and how you view it. For the record, when a company or organization collects 
someone’s information, do you believe that the information is at that point the col- 
lector’s or is the collector simply a steward of people’s information and that the peo- 
ple on whom information is collected should retain some rights and authority over 
that information? 

Answer. User privacy, safety, and control are at the center of every product deci- 
sion at Facebook. People control when, how and with what friends, websites and ap- 
plications they want to connect to share their data, and at any time, they can re- 
move that data or break those connections. Users own the information they share 
on Facebook and they can download or delete their data, modify and review their 
privacy and sharing settings at any time, or delete their accounts. 

Question 3. How would you compare what Senator McCain and I are proposing 
to the regime you operate under in Europe or other parts of the world? 

Answer. We are pleased that your proposal attempts to strike a balance between 
user control and economic growth and innovation, both of which are essential. Al- 
though many privacy laws and regulations in Europe and elsewhere also seek this 
balance, we think the critical step made by your legislation is the recognition that 
context matters: a company that has established, direct relationships with its users 
should not be regulated in the same way as entities that collect data as third parties 
to a user-website relationship — entities without a direct relationship to the user who 
may be gathering data without the knowledge or consent of the user and without 
any user control over the data collected. 

As I noted above, we look forward to working with you and Senator McCain to 
ensure that your bill strikes the critical balance between encouraging innovation 
and ensuring people have control over the information they share online. 

Question 4. Mr. Taylor, in your testimony, you state that before you institute pro- 
posed changes to your privacy policy you put them for comment for your users and 
if a threshold of comments is reached, you put the changes out for a vote. And you 
state, “Time and again, Facebook has shown itself capable of correcting course in 
response to individual suggestions and we will continue to be receptive to that feed- 
back.” When you change your privacy policy, does it change how you use or how 
people can access information you have previously collected and if so, shouldn’t that 
require an opt-in choice if there is any question that the change would have affected 
whether or not that person would have given you their information in the first in- 
stance? 



100 


Answer. At Facebook, we’re continually creating innovative tools and experiences 
that deliver new and unique value and benefits. We bring this same spirit of innova- 
tion to communicating with users about our services and giving them tools to under- 
stand exactly how our service works; we want people on Facebook to be able make 
informed decisions about whether to use Facebook and what to share with their 
friends and the world around them. 

As you noted in your question, before we institute changes to our privacy policy, 
we present the proposed changes to our users and offer them an opportunity to com- 
ment on them. If there is significant engagement on the proposal, we put it to a 
vote of all Facebook users; even if a vote isn’t triggered by the comment process, 
we review and are receptive to the feedback we receive. We believe that this notice 
and comment process — which notifies people about proposed changes and gives them 
an opportunity to comment on them before they take effect — is unique in the indus- 
try. 

We also recently announced — and invited feedback on — a new format for our pri- 
vacy policy that we think can serve as a model for the industry. This new format 
involves interactive features, tips, and educational materials, all of which are de- 
signed to make our privacy policy not only informative and accurate, but easily un- 
derstandable as well. So far, the feedback on this “privacy policy 2.0” has been over- 
whelmingly positive, and we expect to formally adopt that new format in the near 
future. Right now, these initiatives stand alone in the industry, but we hope that 
our efforts in this area — both our notice-and-comment process and our reformatted 
privacy policy — can serve as a model for other companies that, like us, want to go 
the extra mile in communicating with users about how they use information. 

Most revisions to our privacy policy attempt to better explain our practices to 
users: as our products and services evolve, so do our notices. It is rarely the case 
that we would revise our privacy policy in a manner that would enable us to retro- 
actively change the audience that can view information that has already been 
shared on Facebook. With that said, should a change materially alter something 
fundamental about how we access, collect, or use information that has previously 
been shared on Facebook, we would consider additional notice and consent mecha- 
nisms. This is a fact specific analysis, based on the practices and the services of- 
fered. 

It is also important to note that outside the confines of our privacy policy, we rou- 
tinely communicate how products work through “roosters” that update users about 
new or enhanced features either when the users arrive on Facebook or when they 
use a particular product. How these special messages are distributed — appearing on 
the top right corner of the homepage, through Facebook messages, through blog 
posts, or other communication channels — is a highly contextual, fact-specific ques- 
tion. But be assured that we don’t hesitate to use those options when we determine 
that changes should be explained so that people understand the products we provide 
and any information sharing or use associated with those products. 

Question 5. When a Facebook user visits one of your partner sites, say the New 
York Times, are they ever tracked on that website in a way that is not visible and 
known to them? 

Answer. Privacy is a responsibility we share with our global community of users, 
advertisers, and the developers of applications and websites that connect to our 
Platform. As part of this shared responsibility, we believe that everyone who partici- 
pates on the Facebook Platform should commit to the same robust standards of 
transparency and user control. 

Your question specifically relates to websites that connect with the Facebook Plat- 
form. When a third party deploys a Facebook social plugin on its website, it does 
so to enable its viewers to link their on-site experience with their Facebook experi- 
ence. These features allow users to interact and share in ways never before possible 
through Facebook technology that allows logged-in Facebook users to interact di- 
rectly with Facebook while on the third party site. For direct interactions (e.g., by 
clicking a like or recommend button), the user is interacting with Facebook the 
same way she would if she was on facebook.com. In cases where someone visits a 
third party site and does not “interact” with the social plugin, Facebook only uses 
collected information to generate anonymous or aggregate reports, which are used 
to learn more about the Internet and make our products and services better. 

Facebook’s terms prohibit website or application developers who integrate with 
the Facebook Platform from directly or indirectly transferring any Facebook user 
data to third parties such as ad networks, data brokers, and the like. Except for 
limited basic account information, which along with all data is subject to the devel- 
oper’s privacy policy, the data accessed through Facebook when a Facebook user 
connects to an application may only be used within the application unless the user 
provides express consent to the application. 
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Questions about any data collection or tracking that websites other than Facebook 
might engage in are, of course, best directed to those websites. The New York Times, 
for example, has a lengthy privacy policy that includes a comprehensive discussion 
entitled “What Information Do We Gather About You?” 1 When Facebook users visit 
the New York Times website, non-Facebook actions taken on the site — clicking ads 
or filling out forms, for example — are governed by the New York Times’ privacy poli- 
cies, not Facebook’s. However, for our part, we require that developers that inte- 
grate with the Facebook Platform post and adhere to their own privacy policy that 
tells users what user data they are going to collect and how they will use, display, 
share, or transfer that data. 

Question 6. Mr. Taylor, Facebook has grown to more than 600 million users. I 
don’t think that there is another social network that comes close in terms of size 
and scope. Doesn’t that mean that if you want to access this world of people with 
all the benefits you list, then you don’t really have a choice just to switch to another 
social network if Facebook privacy practices cause you concern right? 

Answer. People unquestionably have choice when it comes to connecting with oth- 
ers and expressing themselves online. Hundreds of millions of people use services 
other than Facebook to connect, to micro-blog, to share photos and other details of 
their lives, and to identify and consume content online and off. In the U.S., these 
services include Twitter, Linkedln, MySpace, Diaspora, Picasa, Tumblr, Blogger, 
Wordpress, Path, Ping, Foursquare, Gowalla, and many others. Internationally, 
Orkut, Tuente, Studi VZ, V Kontakte, Ren Ren and a host of others are popular 
and growing quickly. 

As recently as two years ago, MySpace was perceived to be the nation’s leading 
social network and Facebook was the upstart. Virtually every day, the media reports 
news of another social media initiative — either from established technology compa- 
nies such as Google or Apple, or from new, aggressive, and often well-funded com- 
petitors. Facebook, in short, operates in a robustly competitive environment that 
keeps us highly motivated to innovate and to continue providing people with serv- 
ices they find meaningful. 

We have developed the Facebook Platform in a manner that enhances competition 
and fosters that motivation. As I explained in my testimony, the Facebook Platform 
is, at a conceptual level, modeled on the open architecture of the Internet. We per- 
mit — indeed, encourage — developers to launch applications that provide users with 
new and innovative social experiences, even where those experiences are similar to 
features we provide on facebook.com. To pick just one example, numerous location- 
sharing services — Foursquare and Gowalla, to name some — have integrated with the 
Facebook Platform, which has helped them grow. Those services directly compete 
with our own location-sharing service, and their presence on the Facebook Platform 
provides additional assurance that we will remain highly competitive and innova- 
tive. If we don’t — not just in location sharing, but also in photos, messaging, micro- 
blogging, and other services — users will go elsewhere. 

The same is true with respect to the privacy controls we provide to users. 
Facebook’s mission is to make the world more open and connected. The explosive 
growth of Facebook and the many sharing sites listed above shows that people 
around the world believe in that goal as well: people want to share, they want to 
stay connected with their friends and families, and they want to feel connected to 
the world around them. We think that the best way to encourage that sharing is 
by giving users control over what and how they share, and with whom. 

We care deeply about privacy, and we are continually innovating to make controls 
clearer, more direct, and easier to find and use. We think that’s the right thing to 
do, and, at least as important, staying competitive demands it. If we stumble — ei- 
ther because our service is not engaging or because people believe they lack con- 
trol — they will turn elsewhere. Although there are many other websites that offer 
social networking services, we are committed to leading the charge in the industry 
in how people control their information, and we think the user trust that results 
from that leadership is one of the key reasons we have been successful to date. Peo- 
ple tacitly acknowledge these efforts with continued use of our product, and they 
explicitly acknowledge it too: an October 2010 study by TRUSTe indicated that the 
vast majority of parents and teens understand how privacy works on Facebook. 

But as your question acknowledges, we can’t please everyone. Although we think 
there are enormous benefits to being a part of our open and connected global net- 
work, those benefits are predicated on a willingness to share some basic information 
and connect with others. Some people are resistant to sharing and connecting on- 
line, and they may be uncomfortable with even the very limited mandatory informa- 


http . 7 / www.nytimes.com / content /help / rights i privacy / policy / privacy-policy.html. 
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tion that is displayed on every account. We feel that it isn’t a lack of competition 
that prevents those individuals from enjoying the benefits of Facebook and other so- 
cial media. 

That said, as I mentioned before, we are always working to make our privacy con- 
trols more powerful and easier to use and understand, so that even people who may 
have reservations about sharing at the outset — or those with less sophisticated 
Internet and computer skills — feel comfortable on Facebook. That continuous im- 
provement and user education are essential for our business in a competitive and 
rapidly changing market, and they are a critical part of our mission to make the 
world more open and connected. 


Responses to Written Questions Submitted by Hon. John F. Kerry to 

Morgan Reed 

Question 1. What is your general impression of the legislation on privacy that has 
been introduced in Congress thus far? 

Answer. Currently, Congress is considering at least 7 different privacy related 
bills, ranging from narrow bills dealing with just geolocation, to more comprehensive 
privacy efforts. Given the broad scope, it seems best to talk about the characteristics 
found in the legislation that are beneficial to our technology ecosystem, and those 
that may hinder us: 

Most of the bills in Congress today take a technology focused, rather than data 
focused, approach. With the exception of the Kerry-McCain bill, nearly all other pri- 
vacy legislation in the 112th Congress begins from the premise that new technology 
somehow requires new or different law. he fact remains that your location is tracked 
by the swipecard at the grocery store even though a smartphone with GPS was 
never used — and I am not required to “opt-in” anew every time use my customer 
card even though it is collecting my location data. Likewise, mail-order catalogs are 
often tailored to each recipient, despite any “opt-in” preferences or requests from the 
resident. We believe the holistic approach represented in Kerry-McCain is more ef- 
fective, and does not disadvantage new technologies. 

Many of the bills in Congress do not adequately address the need for FTC re- 
sources to enforce new provisions, at the same time the FTC is not even beginning 
to fully enforce existing privacy laws like COPPA. Since passage of COPPA in 2000, 
the FTC has brought roughly a dozen actions against high profile sites, barely more 
than one a year. Yet FTC’s inaction has not been because the Web has become a 
perfectly compliant environment. Every child advocacy group could provide Congress 
a list of dozens of non-COPPA compliant sites run by legitimate organizations — the 
FTC simply lacks the resources to build a case and prosecute the violators. 

Finally, some of the legislation, specifically bills addressing “Do Not Track” create 
technologically unworkable, and potentially deceptive problems. This is because a 
Do Not Track list is very different from the highly successful Do Not Call list. Since 
consumers have few phone numbers, and such numbers are static, it was easily im- 
plemented. On the other hand, a Do Not Track list requires the collection of infor- 
mation about every Web browser, mobile device, and application a consumer uses. 
This can be dozens if not hundreds of different identifiers. Furthermore, these are 
not static values in the same way a phone number is; consumers and developers 
can change and delete software cache and preferences. Also, FTC Commissioners 
have raised concerns that use of “Do Not Track” may be deceptive 1 since under a 
Do Not Call, the consumer receives no advertisements. However, under a Do Not 
Track, the consumer still sees ads, perhaps more ads, just not ones that are based 
on their interests. 

We ask that when deciding how to proceed, you remember that the provision of 
many of the $1 or free applications available to users is predicated on the collection, 
use, and sharing of non-sensitive information by the default. We support a cus- 
tomers’ right to opt-out of such collection, but many of the bills allow the FTC to 
determine the default for consent to the sharing of non-sensitive information with 
third parties. Since the FTC is on record as expressing that the default should be 
an “opt-in” to consent, 2 this would force apps developers to charge higher prices, 
provide less content, or even stop developing. Furthermore, the default opt-in re- 
quirement locks in existing businesses’ control of the market while inhibiting new 


1 See FTC Staff Report, Protecting Consumer Privacy in an Era of Rapid Change: A Proposed 
Framework for Business and Policymakers, Concurring Statement of Commissioner J. Thomas 
Rosch, page E-l. 

2 See Comments of Jessica Rich, Deputy Director of the FTC’s Bureau of Consumer Protection 
on Google-Buzz Settlement. 
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entrants. Under an opt-in regime, established businesses can more easily completely 
consumers to opt-in to data sharing. And other large businesses like Google, can 
simply purchase third parties, making them first parties, completely circumventing 
any laws preventing third-party sharing. 

Question 2. Your answer to this question is important for helping us frame the 
debate and how you view it. For the record, when a company or organization collects 
someone’s information, do you believe that the information is at that point the col- 
lector’s or is the collector simply a steward of people’s information and that the peo- 
ple on whom information is collected should retain some rights and authority over 
that information? 

Answer. The question of information ownership vs. information stewardship de- 
pends in large part on the type of information held. It is important to note that even 
within the context of information regarding an individual’s use of a product, sen- 
sitive data (financial or health) is already governed by separate laws (GLB and 
HIPPA respectively). 

Ownership confers a property right that often cannot truly be executed on infor- 
mation that may be in the public domain. It’s like the old riddle, “What is very per- 
sonal that you share with everyone and everyone else uses more than you? Your 
name.” I can’t ban its use by others, I can’t stop people from calling it to me in pub- 
lic, yet I think most of us feel some level of possession over our name. Therefore 
information about a person is hard to structure in the same way we would “owner- 
ship” of the shovel that sits in my garage. 

The courts, however, have determined that certain intellectual property rights do 
accrue to information about something or someone that has been merged with other 
data to create a new information product. Analysts can look at public business 
records and then combine that information with independent research to create a 
copyrightable product. Other court cases have addressed the ownership of customer 
lists, and the treatment of such data as an asset. Finally, FASB has rules governing 
the treatment of customer lists as an asset. 3 Therefore, we see information per- 
taining to how a consumer uses my product as the property of the business. 

The product’s creator is allowed to know and keep the information that you used 
the product, and what specifically you did while you were using the product. For 
example if it’s a Web page, the developer of the page should be allowed to know 
what pages have been visited by what IP addresses, or for a mobile game developer 
to know what level you’ve finished. If the site or game provides for registering, then 
it is reasonable and fair for the product’s creator to keep the information that 
“Jane@smith.com has made it to level 12”. 

The next category of information is “reference data.” Information that might not 
be about the use of my product, but which companies are allowed to collect and 
maintain control. For example, you cannot be allowed to own information to the de- 
gree that you could remove just the problem areas in a credit report, or to submit 
a false address into the DMV. However, there is a need for the organizations and 
companies that collect “reference data” to keep the information accurate, and have 
reasonable procedures to correct data that is wrong. Companies in this regard may 
still own the data, but have greater responsibility to allow me to see the data they 
possess. For that reason, Congress has passed FCRA, GLB, HIPPA and other legis- 
lation that grants the person whose data is in question to play a part in ensuring 
accuracy. 

One of the more interesting questions regarding “ownership” deals with location 
information. The news reports regarding the collection of GPS information on mobile 
devices is a bit unnerving, but do I “own” my location? If I am standing in front 
of the grocery store and a friend sees me, do I “own” that bit of information? When 
I use my grocery store swipecard inside the store, which stores the time of my pur- 
chase as well as the location of the store (and even the specific register I passed 
though), do I own that? In both cases the answer is no. When standing outside on 
the street, I have no expectation of privacy; I expect that others can see me. And 
when I sign up for a swipecard, I expect that the grocery store is going to collect, 
and even sell, the information. This example holds true for mobile devices. Apps 
that broadcast my location as part of their key functionality is the same as standing 
on the street — I expect that I will be seen, and even desire it. An app that uses ad- 
vertising as the funding mechanism, and alerts me to the collection of location infor- 
mation, is like a swipecard that gives me discounted prices in exchange for my infor- 
mation. 

Note that this information in question is often given to the recipient from the user 
in return for services from the recipient. For example, the a user will give the Wash- 


3 FASB 141 (ASC 805) 
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ington Post their e-mail address, zip code, gender, birth year, job industry, title, and 
responsibility in exchange for access to the Washington Post’s content. In essence, 
the Washington Post is buying the rights to this content from the user for the price 
of the newspaper’s content. Likewise, using a “Savings Card” at Safeway enables 
the store to collect information about users’ buying habits and then resell that infor- 
mation. Safeway then gives some of the earned money back to consumers through 
discounted products. 

By allowing this transaction, we allow users to monetize their personal informa- 
tion and trade it for goods and services. 

Question 3. Mr. Reed, in your testimony you question the need for new legislation 
given the FTC’s current authority and you argue against a new law that only tar- 
gets app providers. I agree that our work should be comprehensive but have some 
questions for you about the adequacy of the FTC’s current authority. Is it your opin- 
ion that app providers today are complying with fair information practice principles 
absent any new law? 

Answer. Most apps developers are making best efforts to ensure the proper collec- 
tion, use, and protection of consumers’ data. They are undertaking this not pri- 
marily because of the legal ramifications, but more significantly the business impli- 
cations that come with a breach of customer trust. Apps developers know that the 
trust of the their customers is paramount, especially with so many competitors in 
the market. 

The focus of The United States Federal Trade Commission’s Fair Information 
Practice Principles (FIPs) has always been on those who actually collect data, and 
independent research shows that the vast majority of mobile apps do not collect any 
personal data; thereby complying with FIPs. That said, some areas of data collection 
are unclear, and we all await the upcoming FTC rulemaking to help developers un- 
derstand how best to follow the FIPs, for those apps developers who still need to 
improve their compliance, ACT is developing methods to assist them. 

ACT is releasing this upcoming week its Privacy Policy Guidelines for Apps Devel- 
opers. ACT will follow up with model privacy policies. Finally, ACT is creating a 
custom privacy policy generator for apps developers. 

Question 3a. Does the FTC have the authority to mandate that app providers se- 
cure the information they collect or provide consumers with specific information 
about why that information is collected and how it will be used and distributed? 

Answer. First, the information we are talking about here is non-financial, non- 
health information (that is already covered under GLB and HIPPA). So really, the 
question is, does the FTC have authority over non-sensitive information that apps 
developers collect. 

I believe the FTC already has the requisite authority to ensure that apps devel- 
opers properly treat the non-sensitive information they collect under section 5 of the 
FTC Act. This is supported by the FTC Staff Report — Protecting Consumer Privacy 
in an Era of Rapid Change: A Proposed Framework for Business and Policymakers — 
Concurring Statement of Commissioner J. Thomas Rosch: 

Moreover, Section 5 liability could not be avoided by eschewing a privacy notice 
altogether both because that would generally be competitive suicide and be- 
cause that course would be deceptive in that it would entail a failure to disclose 
material facts. 

A privacy notice that is opaque or fails to disclose material facts (such as the 
fact that consumer information may be shared with third parties) is deceptive 
under Section 5. That is particularly true if the sharing of the information may 
cause tangible harm. Moreover, Section 5 liability could not be avoided by es- 
chewing a privacy notice altogether both because that would generally be com- 
petitive suicide and because tbat course would be deceptive in that it would en- 
tail a failure to disclose material facts. 

Therefore the FTC can and does already have the authority to ensure that data 
is properly protected, even when collected by apps developers. 


Response to Written Questions Submitted by Hon. John F. Kerry to 
Catherine A. Novelli 

Question 1. What is your general impression of the legislation on privacy that has 
been introduced in Congress thus far? 

Answer. As we outlined in detail in our May 19, 2011 testimony, Apple has dem- 
onstrated an unwavering commitment to giving our own customers clear and trans- 
parent notice, choice and control over their personal information. Apple has adopted 
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a single comprehensive privacy policy for all its businesses and products, including 
the iTunes Store and the App Store. Apple’s Privacy Policy, written in easy-to-read 
language, details what information Apple collects and how Apple and its partners 
and licensees may use the information. The Policy is available from a link on every 
page of Apple’s website. 

While Apple does not have a public position on any specific privacy legislation cur- 
rently before the Congress, we do strongly agree that any company or organization 
with access to customers’ personal information should give its customers clear and 
transparent notice, choice and control over their information. We have made this a 
strict licensing requirement for all of our app developers. We also share your con- 
cerns about the potential misuse of all customer data, and we believe that we have 
instituted policies and procedures that encourage third-party app developers to go 
well beyond disclosures written in an online privacy policy. Apple remains com- 
mitted to working with the Congress, as well as with our technology industry col- 
leagues and our trade associations in the private sector, to continue to identify the 
very best approaches for addressing consumer online privacy protections. 

Question 2. Your answer to this question is important for helping us frame the 
debate and how you view it. For the record, when a company or organization collects 
someone’s information, do you believe that the information is at that point the col- 
lector’s or is the collector simply a steward of people’s information and that the peo- 
ple on whom information is collected should retain some rights and authority over 
that information? 

Answer. As stated in Apple’s response to “Witnesses Question 1” above, Apple is 
committed to giving our customers clear and transparent notice, choice and control 
over their personal information. Apple agrees further that any company or organiza- 
tion with access to customers’ personal information should give its customers clear 
and transparent notice, choice and control over their information. We have made 
this a strict licensing requirement for all of our app developers. 

Apple has taken steps to help customers understand where their information is 
going and to provide customers with greater control over it. As stated clearly in our 
Privacy Policy, Apple makes it quite easy for our customers to access their own per- 
sonal information provided to Apple. We provide our customers with secure access 
to their Apple account information to help ensure that the information is accurate, 
complete and up to date. We state clearly that we only retain information for the 
period of time necessary to fulfill the purposes outlined in our Privacy Policy unless 
a longer retention period is required or permitted by law. 

Equally important, Apple takes precautions — including administrative, technical 
and physical measures — to safeguard our customers’ personal information against 
loss, theft, and misuse, as well as against unauthorized access, disclosure, alter- 
ation, and destruction. To make sure personal information remains secure, we com- 
municate our privacy policy and security guidelines to Apple employees and strictly 
enforce privacy safeguards within the company. 

Apple is always investigating new ways to improve our customers’ experiences, in- 
cluding helping customers learn more about Apple’s privacy policy and the privacy 
protections available on Apple mobile devices. 

Question 3. Ms. Novelli, Apple has a good story to tell about the privacy protec- 
tions it applies for its direct customers. In your testimony, you list 9 bullet points 
of privacy requirements that you impose on third party application developers for 
them operate on your platform. Is it your position that consumers do not have to 
worry about their information being distributed without their knowledge or consent 
by app providers because of the licensing agreement that those developers sign with 
you? 

Answer. As we detailed in our May 19, 2011 testimony, Apple believes strongly 
that all third-party app developers with apps that collect information from users 
must provide clear and complete information to customers regarding the collection, 
use and disclosure of any user or device data. We not only make this mandatory 
in our licensing agreements, we also have documented in the App Store Review 
Guidelines a set of technical, content, and design criteria that every app must sat- 
isfy before Apple will accept the app for inclusion in the App Store. A copy of the 
Guidelines is attached to these responses. 

Under these Guidelines, apps cannot transmit data about a user without obtain- 
ing the user’s prior permission and providing the user with access to information 
about how and where the data will be used. Further, we strictly prohibit the use 
of any analytics software in an application that collects and sends device data to 
a third party. Apps submitted to Apple for inclusion in the App Store that fail to 
meet these requirements are returned to the developer and are not offered in the 
App Store until the deficiencies are corrected. 
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Once an app is downloaded, the user’s exchange of personal information within 
that app is between the user and the app developer. We make this clear in our pri- 
vacy policy that once an app has been downloaded from the App Store, the informa- 
tion exchanged between the user and the app is governed by the privacy practices 
of the app’s developer. 

At the same time, Apple employees from several internal groups, or teams, are 
responsible for addressing issues that arise with apps that are available in the App 
Store. In addition to our own internal scrutiny, Apple relies heavily on communica- 
tions from other App Store users, competitors, and industry observers to alert Apple 
of an app that is operating outside of Apple’s Guidelines. Whenever such a case is 
brought to Apple’s attention, either through internal vigilance or by an external 
party, Apple investigates and provides the developer with an opportunity to reme- 
diate. If no correction is made, Apple removes the app from the App Store. 

Question 4. You state that as part of the licensing agreement, app developers have 
to explain their privacy practices to users yet both the WSJ and the Future of Pri- 
vacy Forum have found that a significant percentage of app providers have no pri- 
vacy policy at all. How do you reconcile those two facts? 

Answer. As we stated in our May 19, 2011 testimony, Apple launched the App 
Store in July 2008 where customers may shop and acquire applications offered by 
third-party developers for the iPhone, iPad and iPod touch. As of June 6, 2011, the 
App Store includes more than 425,000 third-party applications covering a wide vari- 
ety of areas including news, games, music, travel, health, fitness, education, busi- 
ness, sports, navigation and social networking. Because the overwhelming majority 
of these apps do not collect any information whatsoever from any user at any time, 
Apple has not mandated that its third-party developers incur both the legal expense 
and the burdensome administrative costs associated with issuing and maintaining 
a privacy policy unnecessarily — an expense that could well be prohibitive for a small 
struggling software developer or a teenager in his bedroom with only a MacBook 
and an idea. 

For those apps that do collect information, however, our licensing agreement with 
developers prohibits any application from collecting user or device data without 
prior user consent. We also make it abundantly clear in our licensing agreement 
that developers, irrespective of size of business or age, must provide clear and com- 
plete information to users regarding their apps’ collection, use and disclosure of user 
or device data. While many developers comply simply by adding a link to their on- 
line privacy policy, others have chosen to disclose this information by adding a pop- 
up dialogue box for the user to see when launching the app for the first time. We 
strictly prohibit the use of any analytics software in an application that collects and 
sends device data to a third party. Our licensing agreement also requires that apps 
comply with all applicable privacy and data collection laws and regulations regard- 
ing the use or transmission of user and device data, including location-based infor- 
mation. Apple’s requirements are intended to provide the user with the most useful 
information that meets our strict transparency and disclosure requirements, but we 
also have chosen not to dictate the means by which that information is delivered 
to the user. 

Because location information can be particularly sensitive, in addition to all the 
developer privacy and collection disclosure requirements described above, Apple has 
built a feature directly into the iOS that requires explicit customer consent when 
any application requests location-based information for the first time. When an ap- 
plication requests the information, a dialog box appears stating: “[Application] 
would like to use your current location.” The customer is asked: “Don’t Allow” or 
“OK.” If the customer clicks on “Don’t Allow,” no location-based information will be 
provided to the application. This iOS dialogue box is mandatory — neither Apple’s 
applications nor those of third parties are permitted to override it. For those cus- 
tomers that consent to allow an app to use their location information, an arrow 
glyph alerts them in real-time that an application is using or has recently used loca- 
tion-based information. Again, as we explained in more detail in our May 19, 2011 
testimony, this consent for location services by an app can be given and rescinded 
on an app-by-app basis quite easily, and very transparently. 

Question 5. Shouldn’t all collectors of people’s information be bound by fair infor- 
mation practice principles as a matter of law and if not, why not? 

Answer. Once again, as we outlined in detail in our May 19, 2011 testimony and 
in response to Question 1 above, Apple clearly has demonstrated an unwavering 
commitment to giving our own customers clear and transparent notice, choice and 
control over their personal information. We believe our products do this in a simple 
and elegant way. While Apple does not have a public position on any specific privacy 
legislation currently before the Congress, we do strongly agree that any company 
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or organization with access to customers’ personal information should give its cus- 
tomers clear and transparent notice, choice and control over their information. We 
have made this a strict licensing requirement for all of our app developers. We also 
share the Committee’s concerns about the potential misuse of all customer data, and 
we believe that we have instituted policies and procedures that encourage third- 
party app developers to go well beyond disclosures written in an online privacy pol- 
icy. Apple remains committed to working with the Congress, as well as with our 
technology industry colleagues and our trade associations in the private sector, to 
continue to identify the very best approaches for addressing consumer online privacy 
protections. 

Question 6. In your testimony you state that Apple reviews all applications prior 
to adding them to the App store to ensure that they run properly and do not contain 
malicious code. Could you not also check whether they have a privacy policy with 
stated practices that comply with your licensing agreement? 

Answer. Apple does check whether apps submitted for approval comply with the 
terms of our licensing agreement. For the reasons outlined in detail in our response 
to Question 4 above, Apple does not require a written privacy policy from developers 
when an app does not collect information from users. Again, for those apps that do 
collect information, Apple’s app developer privacy requirements are intended to pro- 
vide the user with the most useful information that meets our strict transparency 
and disclosure requirements, but we also have chosen not to dictate the means by 
which that information is delivered to the user. 

Apple performs a rigorous review of every app submitted based on a set of tech- 
nical, content and design criteria. The review criteria are documented in Apple’s 
App Store Review Guidelines for iOS apps, which is made available to every app 
developer. The Guidelines include myriad requirements, including requirements 
about an app’s functionality, and use of location or personal information. For exam- 
ple, the Guidelines state that: 

4. Location 

4.1 Apps that do not notify and obtain user consent before collecting, transmitting, 
or using location data will be rejected 

4.4 Location data can only be used when directly relevant to the features and 
services provided by the app to the user or to support approved advertising uses 

16. Objectionable content 

16.1 Apps that present excessively objectionably or crude content will be rejected 

16.2 Apps that are primarily designed to upset or disgust users will be rejected 


17. Privacy 

17.1 Apps cannot transmit data about a user without obtaining the user’s prior 
permission and providing the user with access to information about how and where 
the data will be used 

17.2 Apps that require users to share personal information, such as e-mail ad- 
dress and data of birth, in order to function will be rejected 

17.3 Apps that target minors for data collection will be rejected 


18 Pornography 

18.1 Apps containing pornographic material, defined by Webster’s Dictionary as 
“explicit descriptions or displays of sexual organs or activities intended to stimulate 
erotic rather than aesthetic or emotional feelings,” will be rejected 

18.2 Apps that contain user generated content that is frequently pornographic (ex 
“Chat Roulette” alls) will be rejected 

On average, Apple rejects approximately 30 percent of the apps initially submitted 
for consideration. The most common reasons for rejection relate to functionality 
issues, such as the app crashing, exhibiting bugs, or not performing as advertised 
by the developer. But Apple will reject an app for violating any of the criteria set 
forth in the Guidelines and/or any of the provisions of the developer’s agreements 
with Apple. 

When Apple rejects an app, most developers respond by correcting the issue or 
issues that led to Apple rejection so that the app may ultimately be accepted. Apple 
will not, however, accept any app in the App Store unless and until the developer 
and app are in full compliance with Apple’s criteria and the developer agreements. 

Similarly, Apple will remove from the App Store any app that is determined to 
be in violation of any of these requirements. Some of the most common reasons for 
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removal of an app from the App Store relate to an app’s violation of some other par- 
ty’s intellectual property rights, violation of some law, or use of objectionable con- 
tent. 

[Apple’s App Store Review Guidelines are offered below.] 

App Store Review Guidelines 
Introduction 

We’re pleased that you want to invest your talents and time to develop applica- 
tions for iOS. It has been a rewarding experience — both professionally and finan- 
cially — for tens of thousands of developers and we want to help you join this suc- 
cessful group. We have published our App Store Review Guidelines in the hope that 
they will help you steer clear of issues as you develop your app and speed you 
through the approval process when you submit it. 

We view Apps different than books or songs, which we do not curate. If you want 
to criticize a religion, write a book. If you want to describe sex, write a book or a 
song, or create a medical app. It can get complicated, but we have decided to not 
allow certain kinds of content in the App Store. It may help to keep some of our 
broader themes in mind: 

• We have lots of kids downloading lots of apps, and parental controls don’t work 
unless the parents set them up (many don’t). So know that we’re keeping an 
eye out for the kids. 

• We have over 350,000 apps in the App Store. We don’t need any more Fart 
apps. If your app doesn’t do something useful or provide some form of lasting 
entertainment, it may not be accepted. 

• If your App looks like it was cobbled together in a few days, or you’re trying 
to get your first practice App into the store to impress your friends, please brace 
yourself for rejection. We have lots of serious developers who don’t want their 
quality Apps to be surrounded by amateur hour. 

• We will reject Apps for any content or behavior that we believe is over the line. 
What line, you ask? Well, as a Supreme Court Justice once said, “I’ll know it 
when I see it”. And we think that you will also know it when you cross it. 

• If your app is rejected, we have a Review Board that you can appeal to. If you 
run to the press and trash us, it never helps. 

• If you attempt to cheat the system (for example, by trying to trick the review 
process, steal data from users, copy another developer’s work, or manipulate the 
ratings) your apps will be removed from the store and you will be expelled from 
the developer program. 

• This is a living document, and new apps presenting new questions may result 
in new rules at any time. Perhaps your app will trigger this. 

Lastly, we love this stuff too, and honor what you do. We’re really trying our best 
to create the best platform in the world for you to express your talents and make 
a living too. If it sounds like we’re control freaks, well, maybe it’s because we’re so 
committed to our users and making sure they have a quality experience with our 
products. Just like almost all of you are too. 
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20. Contests, sweepstakes, lotteries, and raffles 

21. Charities and contributions 

22. Legal requirements 

1. Terms and conditions 

1.1 As a developer of applications for the App Store you are bound by the terms of the Pro- 
gram License Agreement (PLA), Human Interface Guidelines (HIG), and any other li- 
censes or contracts between you and Apple. The following rules and examples are in- 
tended to assist you in gaining acceptance for your app in the App Store, not to amend 
or remove provisions from any other agreement. 

2. Functionality 

2.1 Apps that crash will be rejected 

2.2 Apps that exhibit bugs will be rejected 

2.3 Apps that do not perform as advertised by the developer will be rejected 

2.4 Apps that include undocumented or hidden features inconsistent with the description of 
the app will be rejected 

2.5 Apps that use non-public APIs will be rejected 

2.6 Apps that read or write data outside its designated container area will be rejected 

2.7 Apps that download code in any way or form will be rejected 

2.8 Apps that install or launch other executable code will be rejected 

2.9 Apps that are “beta”, “demo”, “trial”, or “test” versions will be rejected 

2.10 iPhone apps must also run on iPad without modification, at iPhone resolution, and at 
2X iPhone 3GS resolution 

2.11 Apps that duplicate apps already in the App Store may be rejected, particularly if there 
are many of them, such as fart, burp, flashlight, and Kama Sutra apps. 

2.12 Apps that are not very useful, are simply websites bundled as apps, or do not provide 
any lasting entertainment value may be rejected 

2.13 Apps that are primarily marketing materials or advertisements will be rejected 

2.14 Apps that are intended to provide trick or fake functionality that are not clearly 
marked as such will be rejected 

2.15 Apps larger than 20MB in size will not download over cellular networks (this is auto- 
matically prohibited by the App Store) 

2.16 Multitasking apps may only use background services for their intended purposes: VoIP, 
audio playback, location, task completion, local notifications, etc. 

2.17 Apps that browse the web must use the iOS WebKit framework and WebKit Javascript 

2.18 Apps that encourage excessive consumption of alcohol or illegal substances, or encour- 
age minors to consume alcohol or smoke cigarettes, will be rejected 

2.19 Apps that provide incorrect diagnostic or other inaccurate device data will be rejected 

2.20 Developers “spamming” the App Store with many versions of similar apps will be re- 
moved from the iOS Developer Program 

2.21 Apps that are simply a song or movie should be submitted to the iTunes store. Apps 
that are simply a book should be submitted to the iBookstore. 

2.22 Apps that arbitrarily restrict which users may use the app, such as by location or car- 
rier, may be rejected 

3. Metadata (name, descriptions, ratings, rankings, etc.) 

3.1 Apps or metadata that mentions the name of any other mobile platform will be rejected 

3.2 Apps with placeholder text will be rejected 

3.3 Apps with descriptions not relevant to the application content and functionality will be 

rejected 

3.4 App names in iTunes Connect and as displayed on a device should be similar, so as not 
to cause confusion 

3.5 Small and large app icons should be similar, so as to not to cause confusion 

3.6 Apps with app icons and screenshots that do not adhere to the 4+ age rating will be re- 

jected 

3.7 Apps with Category and Genre selections that are not appropriate for the app content 
will be rejected 

3.8 Developers are responsible for assigning appropriate ratings to their apps. Inappro- 
priate ratings may be changed/deleted by Apple 

3.9 Developers are responsible for assigning appropriate keywords for their apps. Inappro- 
priate keywords may be changed/deleted by Apple 

3.10 Developers who attempt to manipulate or cheat the user reviews or chart ranking in 
the App Store with fake or paid reviews, or any other inappropriate methods will be re- 
moved from the iOS Developer Program 
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3.11 Apps which recommend that users restart their iOS device prior to installation or 
launch may be rejected 

3.12 Apps should have all included URLs fully functional when you submit it for review, 
such as support and privacy policy URLs 

4. Location 

4.1 Apps that do not notify and obtain user consent before collecting, transmitting, or using 
location data will be rejected 

4.2 Apps that use location-based APIs for automatic or autonomous control of vehicles, air- 
craft, or other devices will be rejected 

4.3 Apps that use location-based APIs for dispatch, fleet management, or emergency serv- 
ices will be rejected 

4.4 Location data can only be used when directly relevant to the features and services pro- 
vided by the app to the user or to support approved advertising uses 

5. Push notifications 

5.1 Apps that provide Push Notifications without using the Apple Push Notification (APN) 
API will be rejected 

5.2 Apps that use the APN service without obtaining a Push Application ID from Apple will 
be rejected 

5.3 Apps that send Push Notifications without first obtaining user consent will be rejected 

5.4 Apps that send sensitive personal or confidential information using Push Notifications 
will be rejected 

5.5 Apps that use Push Notifications to send unsolicited messages, or for the purpose of 
phishing or spamming will be rejected 

5.6 Apps cannot use Push Notifications to send advertising, promotions, or direct marketing 
of any kind 

5.7 Apps cannot charge users for use of Push Notification 

5.8 Apps that excessively use the network capacity or bandwidth of the APN service or un- 

duly burden a device with Push Notifications will be rejected 

5.9 Apps that transmit viruses, files, computer code, or programs that may harm or disrupt 
the normal operation of the APN service will be rejected 

6. Game Center 

6.1 Apps that display any Player ID to end users or any third party will be rejected 

6.2 Apps that use Player IDs for any use other than as approved by the Game Center terms 

will be rejected 

6.3 Developers that attempt to reverse lookup, trace, relate, associate, mine, harvest, or 
otherwise exploit Player IDs, alias, or other information obtained through the Game 
Center will be removed from the iOS Developer Program 

6.4 Game Center information, such as Leaderboard scores, may only be used in apps ap- 
proved for use with the Game Center 

6.5 Apps that use Game Center service to send unsolicited messages, or for the purpose of 
phishing or spamming will be rejected 

6.6 Apps that excessively use the network capacity or bandwidth of the Game Center will 
be rejected 

6.7 Apps that transmit viruses, files, computer code, or programs that may harm or disrupt 
the normal operation of the Game Center service will be rejected 

7. iAds 

7.1 Apps that artificially increase the number of impressions or click-throughs of ads will 
be rejected 

7.2 Apps that contain empty iAd banners will be rejected 

7.3 Apps that are designed predominantly for the display of ads will be rejected 

8. Trademarks and trade dress 

8.1 Apps must comply with all terms and conditions explained in the Guidelines for Using 
Apple 

8.2 Trademarks and Copyrights and the Apple Trademark List 

8.3 Apps that suggest or infer that Apple is a source or supplier of the app, or that Apple 
endorses any particular representation regarding quality or functionality will be re- 
jected 

8.4 Apps which appear confusingly similar to an existing Apple product or advertising 
theme will be rejected 
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8.5 Apps that misspell Apple product names in their app name (i.e., GPS for Iphone, iTunz) 
will be rejected 

8.6 Use of protected 3rd party material (trademarks, copyrights, trade secrets, otherwise 
proprietary content) requires a documented rights check which must be provided upon 
request 

8.6 Google Maps and Google Earth images obtained via the Google Maps API can be used 
within an application if all brand features of the original content remain unaltered and 
fully visible. Apps that cover up or modify the Google logo or copyright holders identi- 
fication will be rejected 

9. Media content 

9.1 Apps that do not use the MediaPlayer framework to access media in the Music Library 
will be rejected 

9.2 App user interfaces that mimic any iPod interface will be rejected 

9.3 Audio streaming content over a cellular network may not use more than 5MB over 5 
minutes 

9.4 Video streaming content over a cellular network longer than 10 minutes must use 
HTTP Live Streaming and include a baseline 64 kbps audio-only HTTP Live stream 

10. User interface 

10.1 Apps must comply with all terms and conditions explained in the Apple iOS Human 
Interface Guidelines 

10.2 Apps that look similar to apps bundled on the iPhone, including the App Store, iTunes 
Store, and iBookstore, will be rejected 

10.3 Apps that do not use system provided items, such as buttons and icons, correctly and as 
described in the Apple iOS Human Interface Guidelines may be rejected 

10.4 Apps that create alternate desktop/home screen environments or simulate multi-app 
widget experiences will be rejected 

10.5 Apps that alter the functions of standard switches, such as the Volume Up/Down and 
Ring/Silent switches, will be rejected 

10.6 Apple and our customers place a high value on simple, refined, creative, well thought 
through interfaces. They take more work but are worth it. Apple sets a high bar. If your 
user interface is complex or less than very good, it may be rejected 

11. Purchasing and currencies 

11.1 Apps that unlock or enable additional features or functionality with mechanisms other 
than the App Store will be rejected 

11.2 Apps utilizing a system other than the In App Purchase API (LAP) to purchase content, 
functionality, or services in an app will be rejected 

11.3 Apps using IAP to purchase physical goods or goods and services used outside of the ap- 
plication will be rejected 

11.4 Apps that use IAP to purchase credits or other currencies must consume those credits 
within the application 

11.5 Apps that use IAP to purchase credits or other currencies that expire will be rejected 

11.6 Content subscriptions using IAP must last a minimum of 7 days and be available to the 
user from all of their iOS devices 

11.7 Apps that use IAP to purchase items must assign the correct Purchasability type 

11.8 Apps that use IAP to purchase access to built-in capabilities provided by iOS, such as 
the camera or the gyroscope, will be rejected 

11.9 Apps containing “rental” content or services that expire after a limited time will be re- 
jected 

11.10 Insurance applications must be free, in legal-compliance in the regions distributed, and 
cannot use IAP 

11.11 In general, the more expensive your app, the more thoroughly we will review it 

11.12 Apps offering subscriptions must do so using IAP, Apple will share the same 70/30 rev- 
enue split with developers for these purchases, as set forth in the Developer Program 
License Agreement. 

11.13 Apps that link to external mechanisms for purchases or subscriptions to be used in the 
app, such as a “buy” button that goes to a website to purchase a digital book, will be re- 
jected 

11.14 Apps can read or play approved content (specifically magazines, newspapers, books, 
audio, music, and video) that is subscribed to or purchased outside of the app, as long 
as there is no button or external link in the app to purchase the approved content. 

Apple will not receive any portion of the revenues for approved content that is sub- 
scribed to or purchased outside of the app 
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12. Scraping and aggregation 

12.1 Applications that scrape any information from Apple sites (for example from apple.com, 
iTunes Store, App Store, iTunes Connect, Apple Developer Programs, etc) or create 
rankings using content from Apple sites and services will be rejected 

12.2 Applications may use approved Apple RSS feeds such as the iTunes Store RSS feed 

12.3 Apps that are simply web clippings, content aggregators, or a collection of links, may be 
rejected 

13. Damage to device 

13.1 Apps that encourage users to use an Apple Device in a way that may cause damage to 
the device will be rejected 

13.2 Apps that rapidly drain the device’s battery or generate excessive heat will be rejected 

14. Personal attacks 

14.1 Any app that is defamatory, offensive, mean-spirited, or likely to place the targeted in- 
dividual or group in harms way will be rejected 

14.2 Professional political satirists and humorists are exempt from the ban on offensive or 
mean-spirited commentary 

15. Violence 

15.1 Apps portraying realistic images of people or animals being killed or maimed, shot, 
stabbed, tortured or injured will be rejected 

15.2 Apps that depict violence or abuse of children will be rejected 

15.3 “Enemies” within the context of a game cannot solely target a specific race, culture, a 
real government or corporation, or any other real entity 

15.4 Apps involving realistic depictions of weapons in such a way as to encourage illegal or 
reckless use ofsuch weapons will be rejected 

15.5 Apps that include games of Russian roulette will be rejected 

16. Objectionable content 

16.1 Apps that present excessively objectionable or crude content will be rejected 

16.2 Apps that are primarily designed to upset or disgust users will be rejected 

17. Privacy 

17.1 Apps cannot transmit data about a user without obtaining the user’s prior permission 
and providing the user with access to information about how and where the data will be 
used 

17.2 Apps that require users to share personal information, such as e-mail address and date 
of birth, in order to function will be rejected 

17.3 Apps that target minors for data collection will be rejected 

18. Pornography 

18.1 Apps containing pornographic material, defined by Webster’s Dictionary as “explicit de- 
scriptions or displays of sexual organs or activities intended to stimulate erotic rather 
than aesthetic or emotional feelings”, will be rejected 

18.2 Apps that contain user generated content that is frequently pornographic (ex “Chat 
Roulette” apps) will be rejected 

19. Religion, culture, and ethnicity 

19.1 Apps containing references or commentary about a religious, cultural or ethnic group 
that are defamatory, offensive, mean-spirited or likely to expose the targeted group to 
harm or violence will be rejected 

19.2 Apps may contain or quote religious text provided the quotes or translations are accu- 
rate and not misleading. Commentary should be educational or informative rather than 
inflammatory 

20. Contests, sweepstakes, lotteries, and raffles 

20.1 Sweepstakes and contests must be sponsored by the developer/company of the app 

20.2 Official rules for sweepstakes and contests, must be presented in the app and make it 
clear that Apple is not a sponsor or involved in the activity in any manner 
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20.3 It must be permissible by law for the developer to run a lottery app, and a lottery app 
must have all of the following characteristics: consideration, chance, and a prize 

20.4 Apps that allow a user to directly purchase a lottery or raffle ticket in the app will be 
rejected 

21. Charities and contributions 

21.1 Apps that include the ability to make donations to recognized charitable organizations 
must be free 

21.2 The collection of donations must be done via a website in Safari or an SMS 

22. Legal requirements 

22.1 Apps must comply with all legal requirements in any location where they are made 
available to users. It is the developer’s obligation to understand and conform to all local 
laws 

22.2 Apps that contain false, fraudulent or misleading representations will be rejected 

22.3 Apps that solicit, promote, or encourage criminal or clearly reckless behavior will be re- 
jected 

22.4 Apps that enable illegal file sharing will be rejected 

22.5 Apps that are designed for use as illegal gambling aids, including card counters, will be 
rejected 

22.6 Apps that enable anonymous or prank phone calls or SMS/MMS messaging will be re- 
jected 

22.7 Developers who create apps that surreptitiously attempt to discover user passwords or 
other private user data will be removed from the iOS Developer Program 

22.8 Apps which contain DUI checkpoints that are not published by law enforcement agen- 
cies, or encourage and enable drunk driving, will be rejected 

Living document 

This document represents our best efforts to share how we review apps submitted 
to the App Store, and we hope it is a helpful guide as you develop and submit your 
apps. It is a living document that will evolve as we are presented with new apps 
and situations, and we’ll update it periodically to reflect these changes. 

Thank you for developing for iOS. Even though this document is a formidable list 
of what not to do, please also keep in mind the much shorter list of what you must 
do. Above all else, join us in trying to surprise and delight users. Show them their 
world in innovative ways, and let them interact with it like never before. In our ex- 
perience, users really respond to polish, both in functionality and user interface. Go 
the extra mile. Give them more than they expect. And take them places where they 
have never been before. We are ready to help. 

© Apple, 2011 


Response to Written Questions Submitted by Hon. John F. Kerry to 

Alan Davidson 

Question 1. What is your general impression of the legislation on privacy that has 
been introduced in Congress thus far? 

Answer. With respect to specific legislation, we salute the work of Senators Kerry 
and McCain to develop a comprehensive approach to privacy based on the same 
principles of transparency, control, and security we apply to our own services. We 
look forward to continued conversations about all of the privacy bills that have been 
introduced by members of the Committee as these bills evolve. 

Google also supports ongoing Congressional work in two other areas which will 
strengthen Americans’ privacy protections and provide consistency for providers. 
First, we applaud Congress’ efforts to promote uniform, reasonable security prin- 
ciples, including data breach notification procedures, to ensure that the bad acts of 
criminal hackers or inadequate security on the part of companies do not undermine 
consumer trust for all services. Second, we support the efforts underway to update 
the Electronic Communications Privacy Act, the U.S. law governing government ac- 
cess to stored communications, to accord with the reasonable expectations of users 
of cloud computing services. 

In general, Google supports the development of a comprehensive, baseline privacy 
framework that can ensure broad-based user trust and will support continued inno- 
vation. Key considerations for any such approach include even-handed application 
to all personal data regardless of source or means of collection, recognition of both 
the benefits and costs of legislating, particularly actual harm to users and compli- 
ance costs, and consistency of privacy rules across jurisdictions. In general, Google 
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does not favor a siloed approach to privacy law that focuses singularly on current 
technology or specific business models, such as location information or “Do Not 
Track” advertising privacy proposals. Instead, providers and consumers need con- 
sistent, baseline principles that will apply both to these issues and those to come 
in the future. 

Question 2. Your answer to this question is important for helping us frame the 
debate and how you view it. For the record, when a company or organization collects 
someone’s information, do you believe that the information is at that point the col- 
lector’s or is the collector simply a steward of people’s information and that the peo- 
ple on whom information is collected should retain some rights and authority over 
that information? 

Answer. When you store your personal information online, we believe you should 
retain control of that data. This is why, for instance, we offer the Google Dashboard, 
(www.google.com / dashboard), to provide users with a one-stop, easy-to-use control 
panel to manage the use and storage of personal information associated with their 
Google accounts. In the Dashboard, a user can see, edit and delete the personally 
identifiable data stored with her individual Google account. 

Providing our users with control over their personal information must also mean 
giving them the ability to take data with them if they decide to leave. In 2007 an 
engineering team at Google started the Data Liberation Front (http:/ / 
www.dataliberation.org) to ensure that users are able to easily move their data in 
and out of Google products. The critical insight of the Data Liberation Front engi- 
neers was a recognition that users should never have to use a service unless they 
are able to easily retrieve the content they created with that service at no additional 
cost beyond what they’re already paying for it. Starting with our Gmail service and 
now covering more than 25 Google products where users create and store personal 
information, these engineers have built tools to allow our users to “liberate” data 
if they choose to switch providers or to stop using one of our services. 

Data portability has benefits for our users and for Google. First, our product 
teams know just how easy it is for their users to move to a competitor’s product, 
and understand that their success depends upon continuing to be responsive to pri- 
vacy and product concerns and acting quickly to address them. Second, allowing our 
users the freedom to leave honors our commitment to put users in control. We be- 
lieve that this kind of “user empowerment by design” is an effective means of ensur- 
ing respect for user privacy without chilling innovation. 

Question 3. In your testimony, you state that location sharing on Android devices 
is strictly opt-in for your users, with clear notice and control. You go on to state 
that is how location services should work. Do the application providers using the 
Android platform share that belief and why can’t you require them to comply with 
that principle? 

Answer. While we cannot speak on behalf of application developers, Google indeed 
requires every Android application to obtain the consent of the user prior to ena- 
bling access to location data via the device. The Android operating system uses a 
permissions model in which the user is automatically informed of certain types of 
information an application will be able to access (see the figure of the permissions 
screen below). An application can only access the device’s GPS location or the de- 
vice’s network location if it displays a notice for this permission to the user at time 
of installation. The user may choose to trust the application by completing the in- 
stallation or the user may choose to cancel the installation. However, the Android 
platform does not have the ability to control the behavior of third party developers 
or how they handle location information and other user information that the third 
party application obtains from the device. 
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In addition to the permissions structure of Android, developers that upload appli- 
cations to the Android Market must agree to the Android Market developer agree- 
ment ( http :/ / www.android.com / us / developer-distribution-agreement.html), pursu- 
ant to which developers agree to comply with applicable laws and to protect the pri- 
vacy rights of users. The specific relevant language is as follows: 

4.2 You agree to use the Market only for purposes that are permitted by (a) this 
Agreement and (b) any applicable law, regulation or generally accepted practices 
or guidelines in the relevant jurisdictions (including any laws regarding the ex- 
port of data or software to and from the United States or other relevant coun- 
tries). 

4.3 You agree that if you use the Market to distribute Products, you will protect 
the privacy and legal rights of users. If the users provide you with, or your Prod- 
uct accesses or uses, user names, passwords, or other login information or per- 
sonal information, you must make the users aware that the information will be 
available to your Product, and you must provide legally adequate privacy notice 
and protection for those users. Further, your Product may only use that informa- 
tion for the limited purposes for which the user has given you permission to do 
so. If your Product stores personal or sensitive information provided by users, it 
must do so securely and only for as long as it is needed. But if the user has opted 
into a separate agreement with you that allows you or your Product to store or 
use personal or sensitive information directly related to your Product (not includ- 
ing other products or applications) then the terms of that separate agreement 
will govern your use of such information. If the user provides your Product with 
Google Account information, your Product may only use that information to ac- 
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cess the user’s Google Account when, and for the limited purposes for which, the 
user has given you permission to do so. 

Android Market is built on the principle of openness, with the goal of encouraging 
innovation and user choice. With this principle in mind, Google does not pre-screen 
applications before they are made available by developers to users of Android Mar- 
ket. But we will remove applications when we are notified about, or otherwise dis- 
cover, applications that violate our developer agreement or policies. As of May 31, 
2011, Google is removing an average of 250-300 applications per day from Android 
Market due to violations of our developer agreement or policies. 

Google also strongly encourages application developers to use best practices for 
handling user data (http : / / android-developers.blogspot.com / 2010 / 08 / best-practices- 
for-handling-android.html), including recommendations that developers publish pri- 
vacy policies and give users choice regarding data collection. 

Many Android applications, however, are offered via other application stores or 
directly from the developers’ websites. Since these applications are not offered 
through the Android Market, their developers are not subject to the Android Market 
developer agreement. But tbe permissions model described above and in our testi- 
mony would still apply (as this is a technical function of the Android operating sys- 
tem). 

Note that because of the open source nature of the Android operating system, a 
device manufacturer can modify the Android operating system and can build an An- 
droid device without any involvement by Google. The response to this question and 
the questions below only relate to unmodified versions of the Android operating sys- 
tem as released by Google. 

Question 4. In your testimony, you state that all applications using the Android 
operating system are prohibited from collecting user location information without 
the user’s consent and without the user being informed of the types of information 
an application will be able to access. But then you go on to say that Google “does 
not and cannot control the behavior of third party applications.” If you can control 
that they get consent and inform users on what is being collected, why can’t you 
require them commit to not transferring that information to third parties without 
consent or require them to place reasonable retention limits on the information they 
collect or apply any of the other fair information practice principles? 

Answer. As we discussed in the previous answer, the Android operating system 
uses a permissions model in which the user is automatically informed of certain 
types of information an application will be able to access. Once that permission is 
granted however, the operating system does not have the ability to control the be- 
havior of third party developers or how they handle location information and other 
user information that the third party application obtains from the device. 

While there is no technical means of limiting the use of data collected by applica- 
tion developers, as discussed above, developers that upload applications to the An- 
droid Market must agree to the Android Market developer agreement, pursuant to 
which developers agree to comply with applicable laws and to protect the privacy 
rights of users. 

Question 4a. If you are not going to take responsibility for non-Google owned and 
operated application providers, shouldn’t they as well as you, be subject to some 
legal code of conduct to ensure fair information practice principles are respected? 

Answer. As discussed above, Google supports the development of a comprehensive 
privacy framework that applies baseline principles uniformly across entities that 
collect personal data and across jurisdictions. We look forward to working with the 
Committee and others in Congress on this issue. 

In the meantime, Google strongly supports the development of codes of conduct 
and other mechanisms to push application developers to adopt practices that pre- 
serve user privacy and engage in responsible data collection and use. The mobile 
application industry can and should model the self-regulatory effort in the online 
advertising and publishing industries, which brought together hundreds of stake- 
holders to create uniform, enforceable standards for notice and control over targeted 
ads. Google has been deeply involved in that effort, and similarly hopes to work 
with other platform companies, app developers, and mobile carriers to better ensure 
transparency, user control, and security in this nascent industry. 
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Response to Written Questions Submitted by Hon. John F. Kerry to 
Amy Guggenheim Shenkan 

Question 1. What is your general impression of the legislation on privacy that has 
been introduced in Congress thus far? 

Answer. Common Sense Media is gratified to see the growing amount of focus 
that legislators in both chambers and on both sides of the aisle are bringing to this 
crucial issue. 

Privacy is important to all Americans, but we believe it is especially important 
for kids and teens. So while we appreciate the focus on overall privacy rights, we 
would also like to see more emphasis on parents’ rights to protect the privacy of 
their children, and on better tools and information that will help parents exercise 
those rights. 

Question 2. Your answer to this question is important for helping us frame the 
debate and how you view it. For the record, when a company or organization collects 
someone’s information, do you believe that the information is at that point the col- 
lector’s or is the collector simply a steward of people’s information and that the peo- 
ple on whom information is collected should retain some rights and authority over 
that information? 

Answer. Our personal information belongs to each of us. We may authorize a com- 
pany or organization to use our personal information, but it remains ours, and those 
companies or organizations have an obligation to be careful stewards of our informa- 
tion. Unfortunately, too many companies have demonstrated lately that they are not 
careful stewards, and that needs to change. 


Prepared Statement of Fran Maier, President, TRUSTe 

Chairman Pryor, Ranking Member Toomey, and distinguished members of the 
Subcommittee — my name is Fran Maier, and I am President of TRUSTe, the world’s 
leading provider of online privacy solutions. On behalf of TRUSTe, I applaud the 
Subcommittee’s efforts and inquiries around protecting consumer privacy in today’s 
mobile marketplace, as this is a topic that continues to present challenges for Amer- 
ican consumers and companies providing products and services in the mobile eco- 
system. We appreciate the opportunity to provide testimony on the issues, as well 
as results from two research studies that TRUSTe recently conducted, and that may 
be of interest: 

• TRUSTe’s survey of 1,000 smartphone users, conducted together with Harris 
Interactive, that focuses on user attitudes toward smartphone privacy. 1 

• TRUSTe’s analysis of data collection from a sample of the 300 most popular 
apps on the Android, Apple and Blackberry mobile platforms (copy attached) 

At TRUSTe, our focus is providing clients with a self-regulatory framework that 
both enhances incentives and encourages innovation around the commercial collec- 
tion and use of consumer data. Based in San Francisco, California, we were founded 
as a non-profit, industry association in 1997. In 2008, we converted to for-profit sta- 
tus, with venture investment. Today, we certify the online privacy practices of over 
4,000 web properties across a variety of platforms and services — including mobile. 
We provide privacy solutions to companies of all sizes — from smaller websites to 
larger companies with multiple brands and online properties. 

TRUSTe supports the recommendations of the FTC and the U.S. Department of 
Commerce around the importance of developing a self-regulatory framework for on- 
line privacy. We believe that a self-regulatory model, if articulated correctly, is best 
equipped to deal with the privacy challenges posed by the complexity of business 
models in the online and mobile ecosystems. 

Self-regulation works because it is agile enough to address the complexity of busi- 
ness practices in dynamic industries — like technology — while also preserving incen- 
tives for competition and innovation in a diverse ecosystem. TRUSTe, like other self- 
regulatory organizations, can detect lapses in the system, when they occur, and 
work directly with a company to resolve them. We also guide companies toward 
more sustainable and consumer-friendly business practices helping them re-evaluate 
and, in some cases, alter their current product strategies and implementations. 


1 TRUSTe recently released the results of a nationwide Harris Interactive survey of one thou- 
sand smart phone users, concerning privacy and use of mobile applications and mobile websites. 

More details at: http :/ / www.truste.com / why TRUSTe privacy services / harris-mobile-sur- 

vey I . 
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At the end of the day however, we also believe that a successful self-regulatory 
program should work in tandem with government regulation. TRUSTe works closely 
with the FTC and other government agencies; proactively, around the launch of new 
products and services and in certain rare cases, enforcement referrals. 2 We also 
think it is important to have strong regulatory enforcement, especially in cases 
where companies willfully disobey self-regulatory requirements to the detriment of 
consumers. 

TRUSTe’s approach to self-regulation starts with our Program Requirements, 
which form the basis of our privacy seal program. Only sealholders and clients who 
are successfully certified under these requirements get to display the TRUSTe seal 
on their e-mails, downloads, mobile applications, and websites (we have provided 
some details about our certification process later in this testimony). In addition, we 
continue to evolve our Program Requirements in response to regulatory changes, as 
well as best practices and technological advancements on the desktop and mobile 
web. 

Earlier this year, we announced major updates to our Program Requirements that 
better address the innovative changes and newer business practices we’ve seen in 
media and web technologies over the past few years: online behavioral advertising, 
mobile apps and marketing and social networking. 3 We worked closely with our cli- 
ents, including several launching new products and services, to incorporate these 
updated privacy requirements into their existing privacy compliance. These updates 
to TRUSTe’s Program Requirements exemplify why self-regulation works; at a time 
when privacy compliance standards remain in flux, it’s important to have a frame- 
work that is both agile and relevant enough to provide a company the guidance (and 
confidence) it needs to engage customers and expand business opportunities. 

TRUSTe has also observed robust growth in the market for self-regulation during 
the past year, and believe there are significant opportunities for self-regulatory 
compliance- on both the mobile and desktop web. During the past year, TRUSTe has 
launched three new privacy solutions — addressing Online Behavioral Advertising 
notice and choice to consumers, cloud applications and, most relevantly, mobile cer- 
tification. TRUSTe is now the largest provider of the DAA’s Self-Regulatory Pro- 
gram for Online Advertising through its TRUSTed Ads 4 program, which was just 
launched earlier this year. TRUSTed ads now serves more than 10 billion adver- 
tising choice icon impressions per month, and delivers online behavioral advertising 
notice and choice to consumers. 

In the following sections, I provide some more details about TRUSTe — our guiding 
philosophy, as well as more details about our web seal and mobile certification proc- 
esses. 

Truth in Privacy 

Essentially, the TRUSTe philosophy is “Truth in Privacy” — a concept that incor- 
porates transparency, choice and accountability, and which aims to bring confidence 
to all stakeholders — businesses, consumers and governments — who view the 
TRUSTe seal. 

For consumers, Truth in Privacy means: 

• Accurate and comprehensive disclosures about personal information collection 
and/or use, that are readily accessible and in an easy to understand format 

• Accessible choices and tools to help users proactively set personal information 
boundaries 

• Direct, meaningful contact between the consumer and either the client/seal 
holder or TRUSTe, to resolve privacy concerns. 

A recent TRUSTe/TNS brand survey shows that the TRUSTe seal gives con- 
sumers confidence — a site that displays the TRUSTe seal will follow its stated pri- 
vacy practices. 5 In some cases, the presence of a TRUSTe seal was a deciding factor 
in whether the user wanted to share personal information with a site (or not). And, 


2 For instance, in 2008, we referred the case of Classic Closeouts to the FTC. 

3 Updates to TRUSTe’s Privacy Seal Program , available at: http:l j www.truste.com/ privacy- 
program-requirements / . 

4 TRUSTe is now the largest provider of the Digital Advertising Association’s Self-Regulatory 

Program for Online Advertising, serving over 100 billion impressions per month. For more de- 
tails, visit: http : / / www.truste.com /privacy seals and services / enterprise privacy / trusted- 

ads. html. 

5 TRUSTe— 2009 TNS brand survey. 
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over 92 percent of consumers that used TRUSTe’s Watchdog resolution mechanism 
stated that they would recommend the service to a friend. 6 

Truth in Privacy also has significance for our clients and sealholders. Displaying 
the TRUSTe seal means that the client or seal holder is: 

• Developing privacy practices that align with leading industry standards and 
governing laws 

• Providing & honoring consumer choices on personal information collection & use 

• Innovating around privacy — developing “best of breed” privacy notices, etc. 

• Being accountable for stated privacy promises (privacy policy, notice, etc.). 

Governments also recognize the TRUSTe seal as a symbol of consumer safety and 
regulatory compliance, both here in the U.S. and internationally. In 2000, TRUSTe 
became a provider of the EU Safe Harbor Privacy services as outlined by the U.S. 
Department of Commerce and the European Union, and we are now the largest pro- 
vider of EU Safe Harbor dispute resolution services. In 2001, the Federal Trade 
Commission approved TRUSTe’s COPPA 7 Kid’s Seal Program as an authorized safe 
harbor under the Children’s Online Privacy Protection Act; today, we are the largest 
COPPA provider. 

TRUSTe Core Program Requirements & Web Seal Certification 

TRUSTe’s web seal certification program is a voluntary, self-regulatory program. 
Clients and sealholders are first certified against a core set of Program Require- 
ments, and then have the option to get additional certification in other areas, in- 
cluding mobile privacy. 

TRUSTe charges companies for web privacy certification based on a number of 
factors, including the size of the organization (either measured by revenue or pages 
served), the complexity of their web property and privacy practices (we charge more, 
for example, if there are a number of different brands with different websites under 
one company), the volume of data collected and the number of TRUSTe certification 
programs they use (Mobile certification, EU Safe Harbor certification, COPPA cer- 
tification, etc). Thanks in part to technology such as our “automatic privacy policy 
generator,” TRUSTe is able to deliver cost-effective services to small companies. In 
our experience, however, risk does not always correlate to size; a very small busi- 
ness can have incredibly complex data collection and management practices, while 
very large companies can sometimes have very simple data practices that may not 
even entail the collection or use of sensitive information. 

TRUSTe certification begins with a direct evaluation of the website or application 
being certified, as well as the attestations and representations made by the company 
seeking certification. To supplement our direct evaluation and client attestations, 
TRUSTe employs monitoring technologies that verify compliance e.g., scanners that 
confirm whether cookies are being dropped, whether age information is being col- 
lected, and whether changes are being made to privacy policies. We also employ e- 
mail seeding and https-encryption of sensitive information during transmission, 
traffic analysis, etc. While our focus is privacy compliance, our certification process 
has also helped certain clients and sealholders become aware of important security 
vulnerabilities in their data collection and use systems. 

TRUSTe generally looks at the context of a practice — what type of data is being 
collected and with whom is it being shared — before determining the privacy obliga- 
tions for that practice. For consent, the requirements for our website and mobile 
seal are the same, and differ whether the use is by first or third parties. Our Pro- 
gram Requirements include specific requirements around notice and choice: express 
or opt-in consent is required for all collection of “sensitive” data (we classify finan- 
cial, medical and geo-location data as sensitive). We also require express consent for 
third party sharing, when the sharing is for the third party’s secondary use. Finally, 
our Program Requirements acknowledge the growing reality that companies need to 
be transparent about all data collection, not just personal data collection, because 
discrete data elements (while lacking identifying characteristics on their own) can 
be used in combination to personally identify consumers. 8 


6 TRUSTe monitors compliance by clients and sealholders through its consumer complaint 
mechanism known as Watchdog. The Watchdog Dispute resolution mechanism is extremely suc- 
cessful; in a 2010 TRUSTe survey, 92.3 percent of consumers that used Watchdog stated that 
they would recommend the service to a friend. 

7 “COPPA” refers to the Children’s Online Privacy Protection Act of 1998, specifically the pro- 
visions around safe harbor. 

8 This is a forward thinking perspective that was advanced by FTC staff in their recent report. 
Specifically, staff noted the “the blurring of the distinction between personally identifiable infor- 

Continued 
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TRUSTe knows that for the most part, our clients and sealholders want to elevate 
trust in their brand through exemplary privacy practices. In the dynamically chang- 
ing world of the desktop and mobile web, this is always an evolving process. Nearly 
all of our clients and seal holder applicants will make changes to their existing prac- 
tices to qualify for TRUSTe certification. In some cases, making these changes isn’t 
enough for certification; in 2010, over 7 percent of applicants for our enterprise cer- 
tification (those that are not using our more automated privacy policy and certifi- 
cation program aimed at smaller businesses) did not qualify for TRUSTe certifi- 
cation Because they did not meet our rigorous certification standards. 9 TRUSTe also 
retains the option to decline certification or terminate certification in situations 
where we cannot certify an applicant’s business model or where the applicant’s busi- 
ness model is otherwise sufficiently problematic to warrant denial, e.g., an applica- 
tion or website involving online gambling. 

TRUSTe closely reviews and monitors all business practices prior to certification, 
and checks them again annually upon renewal by the client or seal holder. In addi- 
tion, clients and sealholders are required to contact TRUSTe in advance of making 
material changes to their privacy policies or business practices. We initiate compli- 
ance investigations based on certain events, such as: 

• monitoring events resulting from TRUSTe’s scanning technology or our inde- 
pendent e-mail seeding of a client or sealholders’ e-mail lists 

• receiving a Watchdog dispute resolution complaint from a consumer 

• press, news reports, regulatory hearings and reports. 

At TRUSTe, we generally reach out to the client and seal holder when we first 
learn of an issue. In some cases, we may precede this initial contact with an own 
independent investigation to determine if the issue can be reproduced. In our experi- 
ence, TRUSTe clients and sealholders generally acknowledge and fix issues prompt- 
ly. In some cases, we find that issues are addressed prior to TRUSTe’s learning of 
it. Depending on the nature of the issue, the client or seal holder’s good faith and 
timely responsiveness, and the timing of expected resolution for an issue, TRUSTe 
may choose not to resort to a formal enforcement process e.g., if the issue is fixed 
before the cure period completed. As TRUSTe’s privacy solutions are voluntary pro- 
grams, clients and sealholders may choose to terminate certification at any time — 
unless TRUSTe has initiated a formal enforcement proceeding against the client and 
that proceeding remains unresolved. 

To preserve incentives for privacy certification, TRUSTe believes that appropriate 
confidentiality and due process (including the opportunity to cure) must be an inte- 
gral part of any self-regulatory framework. Our formal enforcement process consists 
of three stages: 

1. TRUSTe investigation — including outreach to the client or seal holder in 
question 

2. Suspension with opportunity to cure — Depending on the results of the 
TRUSTe investigation, the client or seal holder will be given suspended from 
the certification program, with the opportunity to cure within an allotted time 
2. Termination — If the client or seal holder does not cure the issue within the 
allotted time, TRUSTe will issue a Termination for Cause, and end its certifi- 
cation of the client or seal holder in question. 

Depending on the nature of the violation, TRUSTe may take additional steps such 
as publishing the termination and/or referring the issue to the attention of a regu- 
latory or other governmental agency, including the FTC. Our of our prior FTC refer- 
rals was ClassicCloseouts in 2008; we assisted the FTC with the investigation, and 
they brought action for permanent injunction and relief against the site, ultimately 
obtaining a $2.08 million settlement to provide redress for consumers. 

TRUSTe Mobile Certification 

TRUSTe’s mobile privacy certification program helps companies successfully use 
technologies such as geo-location, advertising, and social networking to improve con- 
sumer adoption of their platforms and mobile apps. 10 Clients or sealholders seeking 


mation and supposedly anonymous or de-identified information. FTC Staff Report, Protecting 
Consumer Privacy in an Era of Rapid Change (2010), available at: http : / / www.ftc.gov / os / 2010 V 
1211 01201privacyreport.pdf. 

9 The exact figure is 7.4 percent — out of a total of 2611 TRUSTe clients and sealholders, 193 
did not complete certification in 2010. 

10 More details about TRUSTe mobile privacy certification are available at: http :/ / 
www.truste.com/ privacy seals and services / enterprise privacy / mobile certification.html. 
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mobile certification will first need to comply with our core Program Requirements. 
The specifics of our projected mobile privacy certification platform are illustrated in 
Figure 1, below. We hope to deploy all of these certification services within the next 
few months. 

Figure 1 — TRUSTe’s Mobile Privacy Platform 
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Under the TRUSTe mobile certification process (and similar to our process for web 
seal certification), we first review all business practices of a mobile web or 
applicationsite to determine eligibility for certification. Once certification is granted, 
TRUSTe verifies compliance with our program requirements through a combination 
of scanning and seeding technology that looks for specific privacy “markers” e.g., are 
cookies, beacons, scripts or other types of targeting or tracking technology being 
used, what kind of information is being collected and is sensitive information being 
protected. We also perform a thorough review of the mobile app or website’s privacy 
policy, if available and will require that companies modify their privacy statement 
to reflect current data management practices. For mobile apps specifically, we per- 
form a data packet analysis; we analyze data transfers to/from the app (and where 
needed, test for secure transfers), confirm data collection practices and identify third 
party data-sharing and transfers. 

Similar to our web seal certification process, TRUSTe generally looks to the con- 
text of a practice — what type of data is being collected by the mobile app or website, 
is it for first party or third party use, etc. — before determining the privacy obliga- 
tions for that practice. Sensitive data that is collected for first-party use requires 
a consumer’s express consent before it is shared with third parties. 11 Under 
TRUSTe’s web seal and mobile certification programs, we classify geo-location data 
as sensitive data. This means that TRUSTe clients and sealholders must get a 
user’s express or opt-in consent before sharing that data with third parties, includ- 
ing third party application developers. 

TRUSTe also requires notice for all third party data collection and use on a mo- 
bile device. For collection and use of sensitive data by third parties, the consumer’s 
express consent must be obtained. For non-sensitive data that will be shared with 
third parties, a consumer must be given notice that the data is going to be shared — 
either through a link to a privacy policy at the point of collection, or a check box 
at the point of collection, if a TRUSTe client or seal holder plans to share a con- 
sumer’s personal information with third parties for unexpected purposes, they are 
also required to provide a Just-in-Time notice and opt-out mechanism. 

TRUSTe has also been at the forefront of creating innovative solutions that help 
our clients and sealholders address the challenge of presenting a comprehensive pri- 
vacy notice on the small screen. For instance, our mobile short notice format uses 
a mix of icons and text to address key privacy concerns such as the collection and 


11 In contrast, we require non-express or “opt-out” consent for first party collection of non-sen- 
sitive data for the first party’s use. 
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use of geo-location information on a mobile device. We have provided two examples 
of our mobile short notice, in Figures 2 and 3 below. 

Figure 2 — TRUSTe Mobile Short Notice for Location Services using Geo- 
location data 



Figure 3 — TRUSTe Mobile Short Notice Showing Purposes for Data 
Collection 



Currently, examples of TRUSTe certified mobile applications include: 
Breastcancer.org (iPhone) 

Callvine (iPhone) 

Lookout (Android) 

Worldmate (Blackberry, mobile web) 

TRUSTe — Harris Interactive Mobile Privacy Survey 

As the Subcommittee knows, TRUSTe and Harris Interactive recently conducted 
a nationwide survey of 1,000 smartphone users that focused on mobile privacy. 12 


12 See TRUSTe: Mobile Privacy User Results, available at: http: / / www.truste.com / 
why TR USTe privacy services / harris-mobile-survey / . 





123 


The survey provides important data about consumers’ mobile privacy attitudes and 
concerns, while also identifying areas where mobile app and operating system devel- 
opers could do more to provide increased privacy protections for consumers. Given 
the lack of relevant research on consumer mobile privacy, TRUSTe had a particular 
interest in conducting the survey: we serve consumers and we wanted to know their 
concerns, so that we could inform our clients and sealholders accordingly, while also 
making necessary revisions to our recently launched mobile privacy certification 
program. 

The key findings of the TRUSTe-Harris survey are illuminating. The vast major- 
ity of respondents (98 percent) believed that privacy is important when using smart 
phones — in fact, more than 1 in 3 of the respondents (38 percent) identified privacy 
as their number one concern when using mobile applications, followed by security 
(26 percent) and identity tracking (19 percent). Most respondents remain concerned 
about targeting and tracking technologies on smart phone devices — particularly 
those that collect geo-location data. And, despite increased adoption of smart phones 
in recently years, 1 in 3 respondents felt that they were in less in control of their 
personal information with a smart phone device. 

Most significantly, the TRUSTe — Harris survey demonstrates the extent to which 
privacy concerns continues to hamper consumer engagement on the mobile platform: 

• 85 percent of the respondents restrict at least some type of information sharing 
on mobile applications; 

• 40 percent of the respondents do not use sites that request personal information 

• 38 percent of the respondents do not access their accounts via a mobile device 

• 52 percent of the respondents are uncomfortable with the idea of signing in to 
other apps on their mobile device with another account ID (FB, Twitter), despite 
convenience 

• 45 percent of the respondents would not share information about themselves 
with any company — even for a free or lower cost app 

• More than 50 percent of the respondents would not be willing to share their 
location, address, date of birth on a smartphone; that number jumps to 92 per- 
cent when it comes to sharing a contacts list. 

TRUSTe Analysis of Mobile Data Collection 

TRUSTe also recently concluded an independent analysis of mobile data collection 
from the top 300 “free” apps on the Android, Apple and Blackberry mobile plat- 
forms. The goal of the analysis was to understand the type of data flows on the 
three most popular mobile platforms using a specific methodology that is part of our 
mobile certification process (Figure 4 below). 

Figure 4. TRUSTe Mobile Labs — Mobile Privacy Certification Process 
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Our analysis yielded some interesting findings about mobile data collection prac- 
tices. Analyzing the types of data collected by sample of the 300 most popular 
apps 13 on Android, Apple and Blackberry, we found that: 

• Most apps (39 percent) collect geo-location data 

• Most apps (39 percent) also collect data that allows the user to connect through 
their mobile device to Facebook, Amazon, Twitter, and other platforms. 

• Only 23 percent of the apps had a privacy policy. 

Conclusion 

I want to reiterate TRUSTe’s belief in self-regulation as the most effective way 
to address the privacy challenges posed by the mobile ecosystem. The mobile eco- 
system is still in its very early stages; legislation or policy that is enacted in haste, 
or without careful thought, could easily freeze the robust innovation we currently 
see on the mobile web. 

Self-regulation also provides us with the information needed to adapt a frame- 
work to evolving technologies. This is evidenced by our recent analysis and research 
on mobile privacy, conducted as part of our certification process. This research has 
given TRUSTe, our clients and sealholders, and our partners, important guidance 
for further product and market development. 

In closing, I’d like to share some of these thoughts — specifically, what we think 
are the five essential requirements for a self-regulatory framework to be successful 
at protecting consumer privacy on the mobile web: 

• First, TRUSTe believes that mobile apps and websites should have some form 
of privacy policy that informs the consumer about any collection and use of per- 
sonal data. Our mobile privacy survey shows that a majority of consumers (74 
percent) think it’s important to know what type of data is being by their mobile 
apps. And, based on our sample of the top 300 most popular free apps, only 23 
percent of apps have a privacy policy. 

• Second, we think that consumers of mobile apps and websites should provide 
choice for third party sharing. This is especially true for geo-location and other 
types of sensitive data — consumers should give their express or opt-in consent 
for these types of data collection. Our survey showed for instance, that only 32 
percent of smart phone users felt that they had a choice when it came to geo- 
location data collection. 

• Third, opt-outs should be provided for mobile advertising — our survey showed 
that 85 percent of consumers want to be able to opt-in or out of targeted mobile 
ads. However, any choice mechanisms for online behavioral advertising and tar- 
geting should work across app directories and mobile platforms — otherwise, 
they won’t be effective. We recognize that this is already a challenge due to the 
complex structure of the emerging mobile advertising industry and recommend 
that industry groups work together to develop consistent and workable ap- 
proaches. 

• Fourth, companies participating in a self-regulatory framework should abide by 
its requirements, and also extend those requirements to relevant third parties, 
such as application developers on their platform or service. 

• Fifth, if legislation is contemplated, it should include a safe harbor provision 
and provide incentives for companies to join self-regulatory programs. Safe har- 
bor provisions help foster the growth and promotion of best practices, which in 
turn is critical to the overall success of a self-regulatory framework. 

I trust that the Subcommittee will find this testimony useful as it considers the 
important question of protecting consumer privacy in the mobile age. Thank you for 
your consideration. 


13 TRUSTe used the following sources to compile its list of the 300 most popular apps — 
Apple: www.148apps.com, Android: 101bestandroidapps.com and Androlib.com, Blackberry: Mo- 
bile. Blorge and HoneyTechBlog.com. 
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Methodology 


TRUSTe 

0 


Goal: To understand the type of information collected by top free 
mobile apps on the three most popular platforms 

Info that is most frequently collected 
Range of information collected by apps 
Key differences by platform re: info collected 

Source of Info: Top lists for free Apple, Android and Blackberry Apps as 
of January, 2011 

Date of updated analysis: May 16, 2010 

Methodology: Download, install and interact with the apps performing 
typical activities. Record type of information requested. 


Top Adds List Source: Apple: www.148aPDS.com . Andoid: 101bestandroidapps.com and Androlib.com, Blackberry: Mobile.Blorge and 
HoneyTechBlog.com 
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Percent of Information Collected by Top 300 Free apps 


TRUSTe 



Percent of apps that collect information 
(Average of Apple, Android & Blackberry apps) 



N=300 (Apple: 1 12, Android: 153, Blackberry:35) 
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